In this blogpost I want show you how to use the Endpoint Protection (Bitlocker) policy within Intune to configure Bitlocker on Windows 10. With Endpoint Protection policies you can configure and enforce Bitlocker on your Windows 10 devices. With the old policies we could already enforce Bitlocker but not enforce the settings of Bitlocker. With Windows 10 1703 the user interface for the end user was already improved but still the user needs to select the Bitlocker settings themselves. There are some settings where the user need to make the right decision and probably not all users know the consequences of some of the settings. The setting about saving the recovery key is for me to most important one. In a MDM scenario I want to enforce that the key will be saved in AzureAD an not locally on a USB drive. So most of the time I want to enforce this setting and more ideal I just want to enable it for the user without disturbing the user.
Continue reading