It goes without saying that using BitLocker is a great method for encrypting data on Windows 10 endpoints. If you’re using it to protect your drives, you may wonder how to pair it up most efficiently in your Microsoft Intune environment.
This article covers a newly released feature in Microsoft Intune that makes deploying BitLocker more efficient and following Intune BitLocker best practices easier.
The Old Way: Deploy BitLocker as a Windows Configuration in the “RequireDeviceEncryption” Setting
Traditionally, we have set up BitLocker as a Windows Configuration in the “RequireDeviceEncryption” setting. It has worked fine, but it didn’t feel clean. Gathering data from BitLocker outputs was a pain and required digging through multiple panes to find relevant information.
This all changed with Microsoft’s recent update to Intune, which allows the configuration to be done under Endpoint Security.
The New Way: Deploy BitLocker as a Configuration in Endpoint Security
This update not only changes where we configure BitLocker, but it also bolsters our visibility into the output of BitLocker data. When configured under Endpoint Security, the view feels like a dashboard. It’s a much cleaner look than simply reading through a config.
Information is consolidated and visible from a single place. For instance, I’m now able to view user settings per device all in one pane – and the status is viewable.
Configure BitLocker in Microsoft Intune using Endpoint Security
The new configuration is relatively simple as well. You can navigate to it easily by following Endpoint security > Disk encryption, then selecting Create Policy.
From there you can access your BitLocker settings for the configuration, which are typically located in your base settings, fixed drive settings, removable drive settings and OS drive settings.
For further detail on each of these settings categories, check out this post.
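Once a policy created under Endpoint security > Disk encryption has been assigned, it is worth confirming on a sample device that the volumes really are encrypted and protected, rather than relying on the portal status alone. The following is an added example, not part of the original article or of Microsoft's tooling: the function name and the baseline it checks (fully encrypted, protection on, a recovery password protector present) are assumptions to adjust to your own policy. It uses the built-in Get-BitLockerVolume cmdlet and must be run in an elevated PowerShell session on the endpoint.

```powershell
# Added example: device-side check that a BitLocker policy took effect.
# Function name and baseline are assumptions, not taken from the article.
function Get-BitLockerBaselineReport {
    [CmdletBinding()]
    param()

    Get-BitLockerVolume | ForEach-Object {
        $volume = $_

        # Collect the protector types present on this volume (may be empty).
        $protectors = @($volume.KeyProtector |
            ForEach-Object { $_.KeyProtectorType.ToString() })

        $issues = @()
        if ($volume.VolumeStatus.ToString() -ne 'FullyEncrypted') {
            # Covers decrypted volumes and encryption still in progress.
            $issues += "volume status is $($volume.VolumeStatus)"
        }
        if ($volume.ProtectionStatus.ToString() -ne 'On') {
            # Protection can be off or suspended on an encrypted volume.
            $issues += "protection status is $($volume.ProtectionStatus)"
        }
        if ($protectors -notcontains 'RecoveryPassword') {
            # Assumed baseline: every volume has a recovery password.
            $issues += 'no recovery password protector'
        }

        [pscustomobject]@{
            MountPoint       = $volume.MountPoint
            VolumeType       = $volume.VolumeType        # OperatingSystem or Data
            EncryptionMethod = $volume.EncryptionMethod
            PercentEncrypted = $volume.EncryptionPercentage
            Protectors       = $protectors -join ', '
            MeetsBaseline    = ($issues.Count -eq 0)
            Issues           = $issues -join '; '
        }
    }
}

# List only the volumes that fail the assumed baseline.
Get-BitLockerBaselineReport |
    Where-Object { -not $_.MeetsBaseline } |
    Format-Table MountPoint, VolumeType, PercentEncrypted, Issues -AutoSize
```

Fixed and removable data drives both appear with a VolumeType of Data, so compare the MountPoint values against the drives your fixed drive and removable drive settings are meant to cover.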
Our take on the new BitLocker Configuration
Now, BitLocker is still able to exist in the Windows configuration space. In fact, it can exist in both this space and under Endpoint Security. So, if you want to compare the two to see which you prefer, the option is there. For us though, the answer is clear.
We’ll be configuring BitLocker in Endpoint Security going forward primarily due to the intuitive setup and reporting capabilities.
If you have questions about Intune or other configurations, check out our Endpoint Support service, which offers on-demand answers to questions and issue resolution.
Terrence is our Senior Engineer in the US and works with clients in the Microsoft O365 space helping to design and develop Endpoint Management solutions. Terrence is a Marine Corps veteran and graduate of Kaplan University. Prior to joining Mobile Mentor, Terrence spent over 5 years working for a Microsoft top 10 Consulting partner in the SCCM and O365 technology space where he implemented and designed solutions for different clients both large and small.