You can enable BitLocker on a standalone computer manually, or you can use Group Policy if you want to enable it on multiple computers. If you manage your devices with Microsoft Intune, you have a third option.
Before we jump to the configuration, make sure that you have a valid Microsoft Intune license and that your computers are Azure AD or Hybrid Azure AD members. We'll also need a computer group that contains devices where we want to enable BitLocker.
Intune profiles allow you to deploy settings to your devices. We will create a new profile and then apply it to the computers where we want to enable BitLocker. Let's start by creating the Intune profile.
Log in to the Microsoft 365 Portal.
Click Admin, and in the Microsoft Endpoint Manager, click the Dashboard to find the configuration profiles.
Click Create Profile.
Create the Intune profile
Select Windows 10 and later for the Platform and Settings catalog for Profile type.
Click Create.
Select the profile and platform
Type a unique name to identify the policy later, and click Next.
Enter the name of the Intune profile
Type "bitlocker" and click Search to display policies about BitLocker.
In Browse by Category, select Administrative Templates > Windows Components > Bitlocker Drive Encryption.
For the setting name, check the first option: Choose drive encryption method.
Add settings to the profile
The Scope tag is optional; you can leave it as is. Click Next.
Select where you want to apply the BitLocker policy. As mentioned above, you must have an Active Directory group that contains the computers for which you want the policy to be applied.
Click Next.
Add the groups to which to apply the policy
Review the configuration and then click Create.
After the configuration profile is created, click Devices and select Configuration Profiles.
Click the policy you created to check the status of the deployment.
Subscribe to 4sysops newsletter!
Monitoring the deployment
If you have many users in your organization who work remotely, Intune is the best solution to enable BitLocker for multiple devices. Let me know about organization's BitLocker policy in a comment below.
