Well thoroughly explained. Cheers mate.

Great content I subscribed!!!!

Amazing! Thank you for great content.

Please can you update this as the GUI has since changed.

Very helpful, thank you

Thank you

Hi all, There are two options available to encrypt drives: Option 01. under Endpoint Security > Disk Encryption and Option 02. through device configuration profiles. The requirements include saving the key to Azure AD and AD, with the need for silent encryption without a user interface. My question is, Q1. for SILENT BITLOCKER ENCRYPTION, which method should we choose, Option 01 or Option 02? Q2. If we create a profile only under Endpoint Security > Disk Encryption, will the encryption work? Q3. Or do we need to define BitLocker configuration in Endpoint Security, and use the same settings in the profile under device configuration? Q4. And same group assignment for profile created in option 1 and option 2.?

I am a bit confused here, it seems you can also encrypt your devices with bitlocker using a configuration profile > Endpoint Security > Windows encryption Do different situations require different approaches?

nice, thanks

Hi I hope you can help me with this, for days I have been trying to get Windows 11 pro to silent encrypt itself via intune device configuration policies, and all I have been getting is the following in the "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin" log: "BitLocker CSP: GetDeviceEncryptionComplianceStatus indicates OSV is not compliant with returned status 0x2". When I configure the device to be encrypted, it prompts me. But when I configure "Hide prompt about third party encryption and "allow standard users to enable encryption during autopilot", seems like it breaks everything. Any suggestions? I knew that there's a difference between Windows Pro and Enterprise when writing keys back into Active Directory around Windows 7/8/8.1 era and, does this encryption only work during OOBE or also post log on, for lets say devices that are already deployed..

Whats the difference between this and endpoint security > Disk Encryption?

After I setup Disc Encryption policy and its pushed out to all devices, will it automatically enable on all new devices added later?

I don't know why I could not follow your movements when you explain. you give good knowledge but not clearto me how you getto this or that point. some how faster than it should be. but thankx for the effort appriciate your time :)