Part 3 – Enable Silent BitLocker with Intune in Hybrid-Join Scenario

Intune BitLocker Policy

You can configure the policy that allows Silent BitLocker from two different consoles:

  1. Microsoft Endpoint Manager Admin Center (MEMAC)

     Endpoint security disk encryption policy for Windows 10 BitLocker.

  2. Azure Portal > Microsoft Intune > Device Configuration > Profiles

     Create a device configuration profile for BitLocker.


The wording, information and options displayed in these two areas have subtle differences. One benefit of the options in MEMAC is that the information on each option specifically highlights whether it’s required for Silent BitLocker, although Microsoft’s documentation does highlight the base policies that are required.

In my lab I used a Device Configuration Profile in Intune:

  1. Log in to the Azure Portal
  2. Search for Intune and click ‘Intune’
  3. Go to ‘Device Configuration > Profiles’
  4. Select ‘Create profile’ with the following options:

     • Platform: Windows 10 and Later
     • Profile: Endpoint protection

  5. ‘Create’
  6. Give the policy a name and description
  7. Choose ‘Windows Encryption’
  8. Enable the following minimum options. I would suggest reviewing all options
  9. ‘Next’
  10. Assign to: Users or Devices or both
  11. Assign the Profile if Windows 10 Enterprise or Professional is present
  12. Click ‘Next > Create’ to complete the policy

This completes the steps for the Silent BitLocker policy
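
Once the profile has reached a targeted device, the result can be checked locally from an elevated PowerShell session. The script below is an added example, not part of the original post: `Test-SilentBitLockerState` is a hypothetical helper name, and the expected end state it checks (fully encrypted OS drive with a TPM protector and a recovery password protector) is an assumption about how the profile was configured.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on a device targeted by the profile.
# Test-SilentBitLockerState is a hypothetical helper name.
function Test-SilentBitLockerState {
    [CmdletBinding()]
    param(
        # Volume to inspect; the OS drive by default.
        [string]$MountPoint = $env:SystemDrive
    )

    $tpm = Get-Tpm
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Key protector types present on the volume, e.g. Tpm, RecoveryPassword.
    $types = @($vol.KeyProtector | Where-Object { $_ } |
        ForEach-Object { [string]$_.KeyProtectorType })

    # Collect every reason the volume is not in the assumed end state.
    $findings = @()
    if (-not $tpm.TpmPresent) {
        $findings += 'No TPM detected'
    } elseif (-not $tpm.TpmReady) {
        $findings += 'TPM present but not ready'
    }
    if ([string]$vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Volume status is $($vol.VolumeStatus) ($($vol.EncryptionPercentage)% encrypted)"
    }
    if ([string]$vol.ProtectionStatus -ne 'On') {
        $findings += 'Protection is not on'
    }
    if ($types -notcontains 'Tpm') {
        $findings += 'No TPM key protector'
    }
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector'
    }

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        EncryptionMethod = $vol.EncryptionMethod
        KeyProtectors    = $types -join ', '
        Healthy          = ($findings.Count -eq 0)
        Findings         = $findings
    }
}

Test-SilentBitLockerState | Format-List
```

The script only reports local volume state; it does not confirm that the recovery password has been backed up to a directory.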

In Part 4 I’ll go through the basic steps for MDM Enrollment
