bitLockerSystemDrivePolicy resource type
Namespace: microsoft.graph
Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
BitLocker Encryption Base Policies.
Properties
Property | Type | Description |
---|---|---|
encryptionMethod | bitLockerEncryptionMethod | Select the encryption method for operating system drives. Possible values are: aesCbc128, aesCbc256, xtsAes128, xtsAes256. |
startupAuthenticationRequired | Boolean | Require additional authentication at startup. |
startupAuthenticationBlockWithoutTpmChip | Boolean | Indicates whether to allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive). |
startupAuthenticationTpmUsage | configurationUsage | Indicates if TPM startup is allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured. |
startupAuthenticationTpmPinUsage | configurationUsage | Indicates if TPM startup PIN is allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured. |
startupAuthenticationTpmKeyUsage | configurationUsage | Indicates if TPM startup key is allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured. |
startupAuthenticationTpmPinAndKeyUsage | configurationUsage | Indicates if TPM startup PIN and key are allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured. |
minimumPinLength | Int32 | Indicates the minimum length of the startup PIN. Valid values are 4 to 20. |
recoveryOptions | bitLockerRecoveryOptions | Allows recovery of BitLocker-encrypted operating system drives in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker. |
prebootRecoveryEnableMessageAndUrl | Boolean | Enable pre-boot recovery message and URL. If requireStartupAuthentication is false, this value has no effect. |
prebootRecoveryMessage | String | Defines a custom recovery message. |
prebootRecoveryUrl | String | Defines a custom recovery URL. |
Relationships
None
JSON Representation
Here is a JSON representation of the resource.
{
  "@odata.type": "#microsoft.graph.bitLockerSystemDrivePolicy",
  "encryptionMethod": "String",
  "startupAuthenticationRequired": true,
  "startupAuthenticationBlockWithoutTpmChip": true,
  "startupAuthenticationTpmUsage": "String",
  "startupAuthenticationTpmPinUsage": "String",
  "startupAuthenticationTpmKeyUsage": "String",
  "startupAuthenticationTpmPinAndKeyUsage": "String",
  "minimumPinLength": 1024,
  "recoveryOptions": {
    "@odata.type": "microsoft.graph.bitLockerRecoveryOptions",
    "blockDataRecoveryAgent": true,
    "recoveryPasswordUsage": "String",
    "recoveryKeyUsage": "String",
    "hideRecoveryOptions": true,
    "enableRecoveryInformationSaveToStore": true,
    "recoveryInformationToStore": "String",
    "enableBitLockerAfterRecoveryInformationToStore": true
  },
  "prebootRecoveryEnableMessageAndUrl": true,
  "prebootRecoveryMessage": "String",
  "prebootRecoveryUrl": "String"
}
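The representation above is a type template, so its placeholder values (`"String"`, `1024`) do not satisfy the constraints in the Properties table. The following Python check is an added example, not part of the Microsoft Graph documentation: it validates a policy body against those documented constraints before submission. `lint_policy` and both sample bodies are constructed for illustration, and it assumes the `requireStartupAuthentication` named in the table refers to `startupAuthenticationRequired`.

```python
import json

# Allowed values copied from the Properties table on this page.
ENCRYPTION_METHODS = {"aesCbc128", "aesCbc256", "xtsAes128", "xtsAes256"}
CONFIGURATION_USAGE = {"blocked", "required", "allowed", "notConfigured"}
USAGE_FIELDS = ("startupAuthenticationTpmUsage", "startupAuthenticationTpmPinUsage",
                "startupAuthenticationTpmKeyUsage", "startupAuthenticationTpmPinAndKeyUsage")

def lint_policy(raw_json):
    """Hypothetical helper: return findings for one bitLockerSystemDrivePolicy body."""
    policy = json.loads(raw_json)
    findings = []
    enums = {"encryptionMethod": ENCRYPTION_METHODS}
    enums.update({field: CONFIGURATION_USAGE for field in USAGE_FIELDS})
    for field, allowed in enums.items():
        if field in policy and policy[field] not in allowed:
            findings.append(f"{field}: {policy[field]!r} is not a documented value")
    pin = policy.get("minimumPinLength")
    # bool is an int subclass in Python, so exclude it before the range check.
    if pin is not None and (isinstance(pin, bool) or not isinstance(pin, int)
                            or not 4 <= pin <= 20):
        findings.append(f"minimumPinLength: {pin!r} is outside the valid range 4 to 20")
    # Assumption: "requireStartupAuthentication" in the table means this property.
    if (policy.get("prebootRecoveryEnableMessageAndUrl") is True
            and policy.get("startupAuthenticationRequired") is False):
        findings.append("prebootRecoveryEnableMessageAndUrl: has no effect while "
                        "startupAuthenticationRequired is false")
    return findings

# Constructed sample: template-style body with placeholders left in place.
TEMPLATE = json.dumps({
    "encryptionMethod": "String", "startupAuthenticationRequired": False,
    "startupAuthenticationTpmPinUsage": "String", "minimumPinLength": 1024,
    "prebootRecoveryEnableMessageAndUrl": True,
})
# Constructed sample: filled-in body using documented values only.
FILLED = json.dumps({
    "encryptionMethod": "xtsAes256", "startupAuthenticationRequired": True,
    "startupAuthenticationTpmPinUsage": "required", "minimumPinLength": 8,
    "prebootRecoveryEnableMessageAndUrl": True,
})

if __name__ == "__main__":
    for name, body in (("template", TEMPLATE), ("filled", FILLED)):
        print(name, lint_policy(body) or "no findings")
```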