I recently got presented with a scenario to help deploy Silent BitLocker using Intune in a Hybrid Join scenario.
In this blog I’ll show you the steps to create a proof of concept. It will highlight some problems I’ve encountered and troubleshooting steps.
This lab is not validated for production purposes. The configuration and implementation require further planning and testing in a real-world scenario.
This lab and the information here also require working knowledge of the following technologies.
I would recommend that you have the following documents available to understand what is required to implement this scenario:
What is Modern Standby?
Hardware Security Test Interface (HSTI) 1.1a
Kernel DMA Protection
Securing Windows 10 with BitLocker Drive Encryption
BitLocker drive encryption in Windows 10 for OEMs
Manage BitLocker policy for Windows 10 in Intune
Silently enable BitLocker on devices
Guidelines for troubleshooting BitLocker
Automatic Encryption vs Silent BitLocker
Familiarize yourself with the requirements and the differences between the two. Confusing them is a common source of problems when deploying Silent BitLocker.
From System Information on your computer you may see something similar depending on the hardware support.
In this scenario Automatic Encryption has failed but the Silent BitLocker can still be deployed.
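The System Information view mentioned above can be checked from the command line as well. The following PowerShell readiness check is an added example for this post, not code from the original article; it assumes the BitLocker and TrustedPlatformModule modules that ship with Windows 10, and that `msinfo32 /report` writes a Unicode text file containing the same "Device Encryption Support" line that the System Information window shows.

```powershell
# Added example (not from the original post): compare what Automatic (Device)
# Encryption requires with the state a Silent BitLocker policy will find.
# Assumptions: Windows 10 with the built-in BitLocker and TrustedPlatformModule
# modules; msinfo32 /report writes a UTF-16 text report that includes the
# "Device Encryption Support" field from System Summary.

function Get-EncryptionReadiness {
    [CmdletBinding()]
    param(
        # Where the System Information export is written (constructed path).
        [string]$ReportPath = (Join-Path $env:TEMP 'msinfo32-report.txt')
    )

    # Export System Information and pull out the Device Encryption Support line.
    # This is the field that reports why automatic encryption failed.
    Start-Process -FilePath 'msinfo32.exe' -ArgumentList "/report `"$ReportPath`"" -Wait
    $deviceEncryptionLine = Get-Content -Path $ReportPath -Encoding Unicode |
        Where-Object { $_ -match 'Device Encryption Support' } |
        Select-Object -First 1

    # Hardware prerequisites shared by both methods: a ready TPM and Secure Boot.
    $tpm = Get-Tpm
    $secureBoot = try { Confirm-SecureBootUEFI } catch { $false }   # throws on legacy BIOS

    # Current BitLocker state of the OS drive, as the Intune policy will see it.
    $osVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive

    [pscustomobject]@{
        ComputerName            = $env:COMPUTERNAME
        DeviceEncryptionSupport = ($deviceEncryptionLine -replace '^\s*Device Encryption Support\s*', '').Trim()
        # Automatic encryption reports "Meets prerequisites" when all HSTI/Modern Standby
        # checks pass; any other text lists the failed checks.
        AutomaticEncryptionOk   = ($deviceEncryptionLine -match 'Meets prerequisites')
        TpmPresent              = $tpm.TpmPresent
        TpmReady                = $tpm.TpmReady
        SecureBootEnabled       = $secureBoot
        OsVolumeStatus          = $osVolume.VolumeStatus        # FullyDecrypted / FullyEncrypted / ...
        OsProtectionStatus      = $osVolume.ProtectionStatus    # On / Off
        OsKeyProtectors         = ($osVolume.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ','
    }
}

Get-EncryptionReadiness | Format-List
```

Run it in an elevated PowerShell session on the lab client. A device can show a failed Device Encryption Support result (AutomaticEncryptionOk false) while still having a present, ready TPM and Secure Boot enabled, which is exactly the situation where the Silent BitLocker policy can still succeed; the OS volume fields show whether encryption and a TPM key protector have actually been applied once the policy arrives.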
These are the minimum requirements to build a lab with Hyper-V:
Hyper-V Installed on a computer
Azure subscription with custom domain name
1x Domain Controller 2016 or higher
1x Windows 10 1909 or higher
AD Connect Hybrid Identity configured using Express Settings
The reading materials above make direct reference to which versions of Windows are supported for Silent BitLocker with Intune.
See Part 2