bitLockerSystemDrivePolicy resource type
Namespace: microsoft.graph
Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
BitLocker Encryption Base Policies.
Properties
| Property | Type | Description |
|---|---|---|
| encryptionMethod | bitLockerEncryptionMethod | Select the encryption method for operating system drives. Possible values are: aesCbc128, aesCbc256, xtsAes128, xtsAes256. |
| startupAuthenticationRequired | Boolean | Require additional authentication at startup. |
| startupAuthenticationBlockWithoutTpmChip | Boolean | Indicates whether to allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive). |
| startupAuthenticationTpmUsage | configurationUsage | Indicates if TPM startup is allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured. |
| startupAuthenticationTpmPinUsage | configurationUsage | Indicates if TPM startup pin is allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured. |
| startupAuthenticationTpmKeyUsage | configurationUsage | Indicates if TPM startup key is allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured. |
| startupAuthenticationTpmPinAndKeyUsage | configurationUsage | Indicates if TPM startup pin key and key are allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured. |
| minimumPinLength | Int32 | Indicates the minimum length of startup pin. Valid values 4 to 20 |
| recoveryOptions | bitLockerRecoveryOptions | Allows to recover BitLocker encrypted operating system drives in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker. |
| prebootRecoveryEnableMessageAndUrl | Boolean | Enable pre-boot recovery message and Url. If requireStartupAuthentication is false, this value does not affect. |
| prebootRecoveryMessage | String | Defines a custom recovery message. |
| prebootRecoveryUrl | String | Defines a custom recovery URL. |
Relationships
None
JSON Representation
Here is a JSON representation of the resource.
{
"@odata.type": "#microsoft.graph.bitLockerSystemDrivePolicy",
"encryptionMethod": "String",
"startupAuthenticationRequired": true,
"startupAuthenticationBlockWithoutTpmChip": true,
"startupAuthenticationTpmUsage": "String",
"startupAuthenticationTpmPinUsage": "String",
"startupAuthenticationTpmKeyUsage": "String",
"startupAuthenticationTpmPinAndKeyUsage": "String",
"minimumPinLength": 1024,
"recoveryOptions": {
"@odata.type": "microsoft.graph.bitLockerRecoveryOptions",
"blockDataRecoveryAgent": true,
"recoveryPasswordUsage": "String",
"recoveryKeyUsage": "String",
"hideRecoveryOptions": true,
"enableRecoveryInformationSaveToStore": true,
"recoveryInformationToStore": "String",
"enableBitLockerAfterRecoveryInformationToStore": true
},
"prebootRecoveryEnableMessageAndUrl": true,
"prebootRecoveryMessage": "String",
"prebootRecoveryUrl": "String"
}
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for