CONFIGURE BITLOCKER THROUGH INTUNE
If you are receiving the following recommendation in your Microsoft Security Center, the directions after will help you resolve the issue:
BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
This security control is only assessed for machines with Windows 10, version 1803 or later.
Drives that aren’t encrypted are exposed to unauthorized access to user data and to data tampering while the system is offline.
Here is the remediation:
- Sign in to the Microsoft Endpoint Manager admin center (
https://endpoint.microsoft.com
). - Select “Devices” and then “Configuration profiles”.
- Click on “Create profile” and select the platform “Windows 10 and later”.
- Choose the profile type “Endpoint protection” and then “BitLocker”.
- Configure the BitLocker settings according to your preferences.
- Assign the profile to the desired groups.