Endpoint Management
Deploying a BitLocker Policy using Configuration Manager
Last modified 6/26/2020
About
This will show you how to use Configuration Manager to enable BitLocker on your devices by deploying a BitLocker Policy.
Before You Begin
Prerequisites
Be sure you meet the following prerequisites:
- Configuration Manager client is installed
- Devices have a TPM and it is enabled/activated
- More Info: Turn on Trusted Platform Module (TPM)
- No MBAM Group Policies are being applied.
- More Info: Migrate Bitlocker from MBAM to ConfigMgr
Getting Started
- Navigate to Endpoint Protection → BitLocker Management in the Microsoft Endpoint Configuration Manager console
- Select the policy you want to deploy and either click Deploy from the top tool bar or right-click the policy and select Deploy
- Browse for and select the collection you want to deploy the policy to, check the box to allow remediation outside the maintenance window, set a simple or custom schedule, and select OK
Viewing the Deployment Status
- Navigate to Monitoring → Deployments and find your BitLocker policy deployment
- Right-click your BitLocker policy deployment and select View Status