It goes without saying that using BitLocker is a great method for encrypting data on Windows 10 endpoints. If you’re using it to protect your drives, you may wonder how to pair it most efficiently with your Microsoft Intune environment.

This article covers a newly released feature in Microsoft Intune that makes deploying BitLocker more efficient and following Intune BitLocker best practices easier.


The Old Way: Deploy BitLocker as a Windows Configuration in the “RequireDeviceEncryption” Setting

Traditionally, we have set up BitLocker as a Windows Configuration in the “RequireDeviceEncryption” setting. It has worked fine, but it didn’t feel clean. Gathering data from BitLocker outputs was a pain and required digging through multiple panes to find relevant information.  

This all changed with Microsoft’s recent update to Intune, which allows the configuration to be done under Endpoint Security.


The New Way: Deploy BitLocker as a Configuration under Endpoint Security

This update not only changes where we configure BitLocker, but it also bolsters our visibility into the output of BitLocker data. When configured under Endpoint Security, the view feels like a dashboard. It’s a much cleaner look than simply looking at a config.

Information is consolidated and visible from a single place. For instance, I’m now able to view user settings per device all in one pane – and the status is viewable.




Configure BitLocker in Microsoft Intune using Endpoint Security

The new configuration is relatively simple as well. You can navigate to it easily by following Endpoint security > Disk encryption, then selecting Create Policy.


From there you can access your BitLocker settings for the configuration, which are typically located in your base settings, fixed drive settings, removable drive settings and OS drive settings. 

For further detail on each of these settings categories, check out this post


Our take on the new BitLocker Configuration

Now, BitLocker is still able to exist in the Windows configuration space. In fact, it can exist in both this space and under Endpoint Security. So, if you want to compare the two to see which you prefer, the option is there. For us though, the answer is clear.  

We’ll be configuring BitLocker in Endpoint Security going forward, primarily due to the intuitive setup and reporting capabilities.

If you have questions about Intune or other configurations, check out our Endpoint Support service, which offers on-demand answers to questions and issue resolution.