Encrypt Windows devices with BitLocker in Intune Enabling BitLocker with Intune Configuring BitLocker in Microsoft Intune Step-by-Step Guide to enable BitLocker How do I enable BitLocker with Intune? Where is the BitLocker key in Intune? What is BitLocker key rotation Intune? Automatically enable Bitlocker encryption with Microsoft Intune Create an Intune BitLocker policy for Windows 10 devices How to enable Silent Bitlocker with Intune Bitlocker management via Intune Intune - Bitlocker silent and automatic Encryption Settings Managing Windows Bitlocker Compliance Policy Using Intune
@mithunshegaokar
6 ай бұрын
Hi paddy I have configure bitlocker policy with save recovery key to azureAD option but in while encryption its not giving option for save to your azure AD account- I am using hybrid azure AD environment
@flexmundl3858
2 жыл бұрын
Thanks for that detailed explanation Paddy, Your work is really appreciated, Appreciate sharing the knowledge likewise....
@klentitoska6554
2 жыл бұрын
Thank you Sir You Made my day Keep going...great work
@ketzmann2000
Жыл бұрын
Hi Paddy First I would like to thank you for sharing such enriching videos, they help me a lot in my daily life and I am a big fan. But well, I have a peculiar situation. I need to enable bitlocker for computers that do not have the TPM automatically and without user interaction, as I used your video as a guide and went to other sources so that I could carry out this work. First I had to create a policy of Configuration Profiles > Templates > Administrative Templates > Computer Configuration > Windows Components > BitLocker Drive Encryption > Operating System Drives and enabled the option "Require additional authentication at startup" and checked the checkbox "Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)" to allow the computer to accept activating bitlocker on a computer without a TPM, then I created the script below: $OSVolume = Get-BitlockerVolume | Where {$_.VolumeType -eq "OperatingSystem"} if ($OSVolume.VolumeStatus -eq "FullyDecrypted") { $PIN = ConvertTo-SecureString "123456789" -AsPlainText -Force Add-BitlockerKeyProtector -MountPoint $OSVolume.MountPoint -RecoveryPasswordProtector Enable-BitLocker -MountPoint $OSVolume.MountPoint -Pin $PIN -TPMandPinProtector BackupToAAD-BitLockerKeyProtector -MountPoint $OSVolume.MountPoint -KeyProtectorId ((Get-BitLockerVolume -MountPoint $OSVolume.MountPoint).KeyProtector | where {$_.KeyProtectorType -eq "RecoveryPassword" }).KeyProtectorId } But it appears the error "Enable-BitLocker : An external key or password protector is required to enable BitLocker on an operating system volume without a valid TPM." when I try to run in Powershell ISE. I'm running it on an individual computer to apply it to one, as soon as I can solve it I'll send it via script through Intune. Do you have another idea on how to solve this problem or have you already encountered a scenario like this?
@PaddyMaddy26
Жыл бұрын
It looks like you're trying to enable BitLocker on a computer without a Trusted Platform Module (TPM) using a PowerShell script. It appears that you're encountering an error when you try to run the script, stating that an external key or password protector is required to enable BitLocker in this scenario. One potential solution to this problem could be to include the "-KeyProtector" parameter in your call to the "Enable-BitLocker" cmdlet and specify a password or startup key as the key protector. For example: $OSVolume = Get-BitlockerVolume | Where {$.VolumeType -eq "OperatingSystem"} if ($OSVolume.VolumeStatus -eq "FullyDecrypted") { $PIN = ConvertTo-SecureString "123456789" -AsPlainText -Force $KeyProtector = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList "user", (ConvertTo-SecureString "password" -AsPlainText -Force) Enable-BitLocker -MountPoint $OSVolume.MountPoint -Pin $PIN -KeyProtector $KeyProtector BackupToAAD-BitLockerKeyProtector -MountPoint $OSVolume.MountPoint -KeyProtectorId ((Get-BitLockerVolume -MountPoint $OSVolume.MountPoint).KeyProtector | where {$.KeyProtectorType -eq "RecoveryPassword" }).KeyProtectorId } This will specify a password as the key protector, which should allow you to enable BitLocker on a computer without a TPM. You can also use a startup key by specifying the path to the key file as the key protector. I hope this helps! Let me know if you have any other questions.
@foch41
2 жыл бұрын
After I setup Disc Encryption policy and its pushed out to all devices, will it automatically enable on all new devices added later?
@musicalsoulricky
5 ай бұрын
Awesome is the word for your uploads
@PaddyMaddy26
5 ай бұрын
Thank you so much for your kind words! I'm glad you think my uploads are awesome. I appreciate your support!
@jaydattpurohit4636
Жыл бұрын
Thank you. We have Bit locker policy in place. now i want to create a policy which allow user to connect USB without enforcing the USB encryption. i've created new policy from disk encryption enabling full disk encryption leaving everything else not configured created new group and added required device on it. Will it work?
@PaddyMaddy26
Жыл бұрын
Thank you for your question. Yes, this should work. You will need to create a new policy from the disk encryption and enable full disk encryption. Then, you can create a new group and add the required device to it.
@jaydattpurohit4636
Жыл бұрын
@@PaddyMaddy26 Thank you for the prompt response and vote of confidence. You’re videos have help me a lot… Thanks again.
@habibabdulla3122
2 жыл бұрын
Nice video, but not clear on how to enroll devices to intune, which i beleieve to be the first step.
@PaddyMaddy26
2 жыл бұрын
It has covered very detailed..
@habibabdulla3122
2 жыл бұрын
@@PaddyMaddy26 what about the setup in hybrid mode
@spodingo
Жыл бұрын
What about Bitlocker compliance policy (Require Bitlocker) ? Will Compliance policy enforce bitlocker or will it just say if it is configured or not ?
@PaddyMaddy26
Жыл бұрын
The compliance policy will enforce Bitlocker if it is configured.
@patrickmurphy5389
9 ай бұрын
Your logo in the corner flashing all the time is distracting.
@PaddyMaddy26
9 ай бұрын
This feedback as taken in the new videos are do not have this problem
@PaddyMaddy26
9 ай бұрын
Thank you for your feedback. We value all customer feedback and appreciate you taking the time to share your opinion. We will take your feedback into consideration and make necessary changes to our website. If you have any other suggestions or feedback, we would love to hear from you. Thank you again for your feedback.
Пікірлер: 20