Intune BitLocker Policy

To configure the policy that allows Silent BitLocker, you can use either of two consoles:

  1. Microsoft Endpoint Manager Admin Center (MEMAC)

Endpoint security disk encryption policy for Windows 10 BitLocker.

  2. Azure Portal > Microsoft Intune > Device Configuration > Profiles

Create a device configuration profile for BitLocker


The wording, information and options displayed in these two areas have subtle differences. One benefit of the options in MEMAC is that the information on each option specifically highlights whether it's required for Silent BitLocker, although Microsoft's documentation does highlight the base policies that are required.

In my lab I used a Device Configuration Profile in Intune:

  1. Log in to the Azure Portal

  2. Search for Intune and click ‘Intune’

  3. Go to ‘Device Configuration>Profiles’

  4. Select ‘Create profile’ with the following options:

     • Platform: Windows 10 and Later
     • Profile: Endpoint protection

  5. ‘Create’

  6. Give the policy a name and description

  7. Choose ‘Windows Encryption’

  8. Enable the following minimum options. I would suggest reviewing all options

  9. ‘Next’

  10. Assign to: Users or Devices or both

  11. Assign the Profile if Windows 10 Enterprise or Professional is present

  12. Click ‘Next>Create’ to complete the policy

This completes the steps for the Silent BitLocker policy.
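
A device-side check to run once the profile has synced, added here as an example and not part of the original post: it confirms that the policy values reached the device and that the OS drive was actually encrypted with TPM and recovery-password protectors. The registry path and the expected values (`RequireDeviceEncryption` = 1, `AllowWarningForOtherDiskEncryption` = 0) are assumptions based on Microsoft's BitLocker CSP documentation, not on this page, and the function name is hypothetical.

```powershell
# Added example (not from the original post). Run elevated on the enrolled device.
function Test-SilentBitLockerState {
    [CmdletBinding()]
    param(
        [string]$MountPoint = $env:SystemDrive,
        # Assumption: registry location where the MDM client stores BitLocker CSP values.
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\BitLocker'
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    # Silent encryption needs a TPM that is present and ready.
    $tpm = Get-Tpm
    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        $findings.Add('TPM is not present or not ready')
    }

    # Did the profile arrive? The value names below are BitLocker CSP nodes.
    $policy = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    if ($null -eq $policy) {
        $findings.Add("No BitLocker policy values under $PolicyKey")
    } else {
        if ($policy.RequireDeviceEncryption -ne 1) {
            $findings.Add('RequireDeviceEncryption is not set to 1')
        }
        # 0 suppresses the third-party encryption prompt, which silent mode requires.
        if ($policy.AllowWarningForOtherDiskEncryption -ne 0) {
            $findings.Add('AllowWarningForOtherDiskEncryption is not set to 0')
        }
    }

    # Resulting state of the OS volume.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $protectors = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    if ("$($vol.ProtectionStatus)" -ne 'On') { $findings.Add("Protection is $($vol.ProtectionStatus)") }
    if ("$($vol.VolumeStatus)" -ne 'FullyEncrypted') { $findings.Add("Volume is $($vol.VolumeStatus)") }
    foreach ($required in 'Tpm', 'RecoveryPassword') {
        if ($required -notin $protectors) { $findings.Add("Missing $required key protector") }
    }

    [pscustomobject]@{
        MountPoint       = $MountPoint
        EncryptionMethod = "$($vol.EncryptionMethod)"
        KeyProtectors    = $protectors -join ', '
        Compliant        = ($findings.Count -eq 0)
        Findings         = $findings
    }
}

Test-SilentBitLockerState | Format-List
```

A volume reported as `EncryptionInProgress` shortly after enrollment is expected; re-run the check once encryption has finished before treating it as a failure.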

In Part 4 I’ll go through the basic steps for MDM Enrollment.
