![allow bitlocker without a compatible tpm allow bitlocker without a compatible tpm](https://i1.wp.com/techdirectarchive.com/wp-content/uploads/2020/01/7ecfc-screenshot-2019-11-04-at-23.32.25.png)
- ALLOW BITLOCKER WITHOUT A COMPATIBLE TPM UPDATE
- ALLOW BITLOCKER WITHOUT A COMPATIBLE TPM PASSWORD
- ALLOW BITLOCKER WITHOUT A COMPATIBLE TPM WINDOWS
Event Viewer will have registered events in Applications and Services log > Microsoft > Windows > BitLocker API This information is stored in the following: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\BitLockerĥ.
![allow bitlocker without a compatible tpm allow bitlocker without a compatible tpm](https://www.thewindowsclub.com/wp-content/uploads/2019/10/Turn_On_BitLocker_for_OS_drive_without_TPM-2-1.png)
Similar information as stated in Step 3 can also be gathered through registry keys. C:\Users\Public\Documents\MDMDiagnosticsĤ. Look for BitLocker keyword, this will be listed under Managed Policies. Report will be saved in C:/Users/Public/Documents/MDMDiagnostics/MDMDiagReport.html. Generate Advanced Diagnostic Report on the Info page in Access work or school Settings. Check Info in Access work or school Settings, you should see BitLocker listed in one of the policies managed by your organization.ģ.Simply you can check the File Explorer and BitLocker can be seen on the drive or you can run a simple PowerShell to view BitLocker status.You can click on one of the listed Configuration Profiles see more. Another way of checking is directly looking up the device and then check the Device configuration. You can click on the device to learn more.Ģ. Go to the Configuration Profiles blade, and check Device status.Either you can check Endpoint Manager Admin center or client to see whether this has deployed properly or not. There are a few ways to monitor and investigate this. You will see the progress, something similar as shown below and it is done. BitLocker is ready to encrypt and click on Continue. I am selecting “ New encryption mode” and click Next.ħ. Select the appropriate method according to your requirements. Compatible mode, learn more here (link will be updated) New encryption mode, learn more here (link will be updated) I am going to pick the quickest method Encrypt used disk space only and click Next. Encrypt entire drive, learn more here (link will be updates) Encrypt used disk space only, learn more here (link will be updated) Best practice is Save to your Azure AD account and continue by clicking Next.ĥ. In this step, system will prompt where the recovery key will be stored.
ALLOW BITLOCKER WITHOUT A COMPATIBLE TPM PASSWORD
For this example, I will select Enter a password option and this will present me to enter the password twice and Next to start encryption.Ĥ. It can be a USB flash drive or password protection.ģ. They will be presented how they would like to unlock the device. Select Yes and it will go ahead to check the system requirements.Ģ. Below is the box they will see and I have selected a typical response for this which is listed below.ġ. End User Experienceĭepends on the way it is configured, users will be prompted to say yes or no whether they are using any other type of disk encryption.
![allow bitlocker without a compatible tpm allow bitlocker without a compatible tpm](https://i.ytimg.com/vi/gLD6xFhoT4Q/maxresdefault.jpg)
Further is covered in the Monitoring Part 2 below. As soon as the device sync occurs, we will see information populated here. This is waiting on the device sync which are member of the Assignment group. These settings are available under Monitor node as shown below.Īs you can see above, Device status has nothing to display. You can check the deployment/compliance status of this profile through the Monitor settings. I am not changing anything in Applicability Rules, so I will Reveiw + create the profile SALES-02 computer is a member of that group.Ħ. For this example, I have assigned newly created profile “ Enable BitLocker with non-compatible TPM endpoints” to a group called “C-Auto-Pilot-Pre-Production-02” as a member. Assign this profile to your intended device group by simply clicking on the Add groups, Select your group and click on Next.
ALLOW BITLOCKER WITHOUT A COMPATIBLE TPM UPDATE
In Configuration settings, we will just update two Windows Encryption settings and leave the rest as default.Īdditional authentication at startup: Requireĥ. Provide Basics information and click NextĤ. Select Platform as “Windows 10 and later”, Profile type as “Templates”, select Endpoint Protection in the listed templates and click Createģ. Go to Home > Devices > Windows > Configuration Profiles > Create ProfileĢ. Log in the Microsoft Endpoint Manager admin center.ġ.