
How to configure drive encryption BitLocker using Intune
Steps:
- Go to the Microsoft Endpoint Manager admin center.
- Select Devices > Configuration profiles.
- Click Create profile.
- In the Profile type section, select Device configuration.
- In the Template name section, enter a name for the profile, such as BitLocker Drive Encryption.
- In the Profile settings section, expand Device security and then select BitLocker.
- Select the Enable BitLocker option.
- Select the Require users to enter a PIN to unlock their drives option.
- If you want to allow users to recover their BitLocker keys, you can select the Allow users to recover their BitLocker keys option and then enter the recovery key URL.
- Click Next.
- In the Assignments section, select the devices or users that you want to assign the policy to.
- Click Next.
- In the Review + create section, review the settings and then click Create.
Once the policy is created, it will be assigned to the selected devices or users. The devices will be automatically encrypted with BitLocker.
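To confirm on a device that the profile created in the steps above actually took effect, the state of the operating system drive can be checked with the built-in Get-BitLockerVolume cmdlet. The script below is an added example, not part of the original article; the function name Test-BitLockerPolicyResult and the sample object are constructed for illustration.

```powershell
# Added example, not from the original article. Function name is hypothetical.
function Test-BitLockerPolicyResult {
    param([Parameter(Mandatory)] $Volume)   # object shaped like Get-BitLockerVolume output

    # Protector type names as strings, so live enums and constructed samples compare alike
    $types = @($Volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })

    $checks = [ordered]@{
        # Encryption has finished, not just started
        'Volume fully encrypted'      = [string]$Volume.VolumeStatus -eq 'FullyEncrypted'
        # 'Off' on an encrypted volume means protection is suspended
        'Protection is on'            = [string]$Volume.ProtectionStatus -eq 'On'
        # The profile requires a PIN: expect TpmPin or TpmPinStartupKey, not TPM-only
        'Startup PIN protector'       = [bool]($types -like 'TpmPin*')
        # Without a recovery password there is nothing to recover the drive with
        'Recovery password protector' = $types -contains 'RecoveryPassword'
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Check      = $name
            Passed     = $checks[$name]
        }
    }
}

# Constructed sample: encrypted with TPM only, so the PIN requirement was not applied
$sample = [pscustomobject]@{
    MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On'
    KeyProtector = @(
        [pscustomobject]@{ KeyProtectorType = 'Tpm' }
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }
    )
}
Test-BitLockerPolicyResult -Volume $sample | Format-Table -AutoSize

# On a managed device (elevated prompt): evaluate the live operating system drive
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $live = Get-BitLockerVolume -MountPoint $env:SystemDrive
    Test-BitLockerPolicyResult -Volume $live | Format-Table -AutoSize
}
```

For the constructed sample, every check passes except the startup PIN protector, which is the case a simple "is the drive encrypted" check would miss.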
Here are some additional things to keep in mind:
- The BitLocker policy will only apply to devices that are running Windows 10 or later.
- If you are using BitLocker with removable drives, you will need to create a separate policy for removable drives.
- You can also use the BitLocker settings in the Intune admin center to configure BitLocker for specific drives, such as the operating system drive or a data drive.
How to recover BitLocker key
There are a few ways to recover a BitLocker key:
- Using the BitLocker recovery key: If you have saved the BitLocker recovery key, you can use it to unlock your drive. The recovery key is a 48-digit alphanumeric code that is generated when you enable BitLocker. You can save the recovery key to a USB drive, a piece of paper, or in a secure location.
- Using the BitLocker recovery password: If you have enabled BitLocker with a recovery password, you can use that password to unlock your drive. The recovery password is a 128-character password that you create when you enable BitLocker.
- Using the Microsoft Account recovery key: If you have signed in to your Windows device with a Microsoft account, you can use the Microsoft Account recovery key to unlock your drive. The Microsoft Account recovery key is a 32-character code that is generated when you create a Microsoft account.
- Using the Intune admin center: If you have enabled BitLocker using Intune, you can recover your BitLocker key from the Intune admin center.
If you have lost your BitLocker key, you can try the following steps to recover it:
- Check your Microsoft account settings. If you have saved your BitLocker recovery key in your Microsoft account, you can find it there.
- Check your device for a recovery key sticker. Some devices have a recovery key sticker that is located on the device itself.
- Contact your IT administrator. If you are using a work or school device, your IT administrator may be able to help you recover your BitLocker key.
If you are still unable to recover your BitLocker key, you may need to reset your device. Resetting your device will erase all of your data, so it is important to back up your data before you reset your device.
- You should always save your BitLocker recovery key in a safe place.
- If you are using a work or school device, you should check with your IT administrator to see if they have a policy for storing BitLocker recovery keys.
- If you have lost your BitLocker recovery key, you may be able to recover your data by using a data recovery service. However, this can be expensive and may not be successful.