This post explains how you can enable BitLocker for Windows 10 and Windows 11 with Intune on multiple computers and devices.

You can enable BitLocker on a standalone computer manually, or you can use Group Policy if you want to enable it on multiple computers. If you manage your devices with Microsoft Intune, you have a third option.

Before we jump to the configuration, make sure that you have a valid Microsoft Intune license and that your computers are Azure AD or Hybrid Azure AD members. We'll also need a computer group that contains devices where we want to enable BitLocker.

Intune profiles allow you to deploy settings to your devices. We will create a new profile and then apply it to the computers where we want to enable BitLocker. Let's start by creating the Intune profile.

Log in to the Microsoft 365 Portal.

Click Admin, and in the Microsoft Endpoint Manager, click the Dashboard to find the configuration profiles.

Click Create Profile.

Create the Intune profile

Select Windows 10 and later for the Platform and Settings catalog for Profile type.

Click Create.

Select the profile and platform

Type a unique name to identify the policy later, and click Next.

Enter the name of the Intune profile

Type "bitlocker" and click Search to display policies about BitLocker.

In Browse by Category, select Administrative Templates > Windows Components > BitLocker Drive Encryption.

For the setting name, check the first option: Choose drive encryption method.

Add settings to the profile

The Scope tag is optional; you can leave it as is. Click Next.

Select where you want to apply the BitLocker policy. As mentioned above, you must have an Active Directory group that contains the computers for which you want the policy to be applied.

Click Next.

Add the groups to which to apply the policy

Review the configuration and then click Create.

After the configuration profile is created, click Devices and select Configuration Profiles.

Click the policy you created to check the status of the deployment.

Monitoring the deployment
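
The deployment status in the portal shows whether the profile reached a device; the script below is an added example (not part of the original post) that checks, on a targeted device itself, whether each volume is encrypted, protected, and using the expected method. The default for `$ExpectedMethod` and the helper name `Test-BitLockerVolumeState` are assumptions; set the method to the one you selected in the profile.

```powershell
#Requires -RunAsAdministrator
# Added example: run on a targeted device to confirm the profile's effect.
param(
    # Assumed value; set it to the method selected in your profile.
    [string]$ExpectedMethod = 'XtsAes256'
)

function Test-BitLockerVolumeState {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] $Volume,
        [Parameter(Mandatory)] [string]$ExpectedMethod
    )
    $issues = @()
    if ($Volume.VolumeStatus -ne 'FullyEncrypted') {
        $issues += "status $($Volume.VolumeStatus), $($Volume.EncryptionPercentage)% encrypted"
    }
    if ($Volume.ProtectionStatus -ne 'On') {
        # Suspended protection stores the volume key unprotected on disk.
        $issues += "protection $($Volume.ProtectionStatus)"
    }
    if ("$($Volume.EncryptionMethod)" -ne $ExpectedMethod) {
        # Volumes encrypted before the policy arrived keep their old method.
        $issues += "method $($Volume.EncryptionMethod), expected $ExpectedMethod"
    }
    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        VolumeType = $Volume.VolumeType
        Protectors = ($Volume.KeyProtector.KeyProtectorType -join ', ')
        Compliant  = ($issues.Count -eq 0)
        Issues     = ($issues -join '; ')
    }
}

try {
    $volumes = Get-BitLockerVolume -ErrorAction Stop
} catch {
    Write-Error "Could not query BitLocker: $($_.Exception.Message)"
    exit 2
}

$report = foreach ($v in $volumes) {
    Test-BitLockerVolumeState -Volume $v -ExpectedMethod $ExpectedMethod
}
$report | Format-Table -AutoSize -Wrap

# Non-zero exit code when any volume fails a check.
if ($report | Where-Object { -not $_.Compliant }) { exit 1 }
```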

If you have many users in your organization who work remotely, Intune is the best solution to enable BitLocker for multiple devices. Let me know about your organization's BitLocker policy in a comment below.




© 4sysops 2006 - 2023

