The ideal solution for BitLocker management is to eliminate the need for IT administrators to set management policies using tools or other mechanisms by having Windows perform tasks that are more practical to automate. This vision leverages modern hardware developments. The growth of TPM 2.0, secure boot, and other hardware improvements, for example, has helped to alleviate the support burden on help desks and decrease support-call volumes, yielding improved user satisfaction. Windows continues to be the focus for new features and improvements for built-in encryption management, such as automatically enabling encryption on devices that support Modern Standby beginning with Windows 8.1.

Though much Windows BitLocker documentation has been published, customers frequently ask for recommendations and pointers to specific, task-oriented documentation that is both easy to digest and focused on how to deploy and manage BitLocker. This article links to relevant documentation, products, and services to help answer this and other related frequently asked questions, and also provides BitLocker recommendations for different types of computers.

Windows edition and licensing requirements

The following table lists the Windows editions that support BitLocker management: Windows Pro

BitLocker management license entitlements are granted by the following licenses: Windows Pro/Pro Education/SE

For more information about Windows licensing, see Windows licensing overview.

Managing domain-joined computers and moving to cloud

Companies that image their own computers using Configuration Manager can use an existing task sequence to pre-provision BitLocker encryption while in Windows Preinstallation Environment (WinPE) and can then enable protection. These steps during an operating system deployment can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use Configuration Manager to pre-set any desired BitLocker Group Policy.

Enterprises can use Microsoft BitLocker Administration and Monitoring (MBAM) to manage client computers with BitLocker that are domain-joined on-premises until mainstream support ends in July 2019 or they can receive extended support until April 2026. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. Refer to the PowerShell examples to see how to store recovery keys in Azure Active Directory (Azure AD).

Microsoft BitLocker Administration and Monitoring (MBAM) capabilities are offered through Configuration Manager BitLocker Management. See Plan for BitLocker management in the Configuration Manager documentation for additional information.

Managing devices joined to Azure Active Directory

Devices joined to Azure AD are managed using Mobile Device Management (MDM) policy from an MDM solution such as Microsoft Intune. Prior to Windows 10, version 1809, only local administrators can enable BitLocker via Intune policy.
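
The recovery-key backup to Azure AD mentioned above can be scripted as follows. This is an added example, not code from the original article; it assumes an elevated PowerShell session on an Azure AD joined device and that the operating system volume is the one being protected.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules BitLocker

# Added example: escrow every BitLocker recovery password for a volume to Azure AD.
# Assumption: the OS volume is the target; change $mountPoint for data volumes.
$mountPoint = $env:SystemDrive

$volume = Get-BitLockerVolume -MountPoint $mountPoint

# Only recovery password protectors can be escrowed; a TPM protector alone
# leaves nothing for the help desk to recover with.
$recovery = @($volume.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword')

if ($recovery.Count -eq 0) {
    # No recovery password yet: create one, then re-read the volume.
    Add-BitLockerKeyProtector -MountPoint $mountPoint -RecoveryPasswordProtector |
        Out-Null
    $volume   = Get-BitLockerVolume -MountPoint $mountPoint
    $recovery = @($volume.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword')
}

# Select protectors by type and back each one up by ID. Indexing
# KeyProtector[0] is fragile because the first protector is often the TPM.
foreach ($protector in $recovery) {
    try {
        BackupToAAD-BitLockerKeyProtector -MountPoint $mountPoint `
            -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop |
            Out-Null
        Write-Output "Escrowed protector $($protector.KeyProtectorId) to Azure AD"
    }
    catch {
        # Fail loudly so a deployment step does not continue with an
        # unescrowed recovery password.
        throw "Escrow failed for $($protector.KeyProtectorId): $($_.Exception.Message)"
    }
}

# Emit the resulting state so it can be captured in deployment logs.
Get-BitLockerVolume -MountPoint $mountPoint |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
```

Running the escrow step before protection is enabled or resumed means a device never ends up protected with a recovery password that exists only locally.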