I don't know what I would have done without you Jonathan... I can't thank you enough

Making me a better tech, one video at a time. Thanks Jonathan!

thanks mate for the this video. Will definitely try this one to our organization. As of now, our subscription still on pending from e1 to e3. I hope it covers Intune using e3 license. great video. Robert here from Philippines :)

Hi Jonathan, thank you so much for creating this very useful and simple to understand and deploy the BitLocker. I have one query, as you have disabled the startup PIN and recovery keys while booting, so how does it help and makes more secure if someone try to access the data?

How does it work with Hybrid systems? Ideally I would love to see Intune manage more hybrid systems.

En español ... muy buen video ,gracias ., Saludos desde Chile

Great video! I'm sure they could have made those configuration options a little easier, maybe using 'configuration profiles', Standard, High Security etc. QQ When you setup device compliance policies that include, for example, drive encryption, does Windows 'self-remediate' by enabling bitlocker? I've seen non-compliant devices in endpoint manager that failed due to drive encryption magically become complaint the following day.

Hi Jonathan. Thank you for such an informative video. I had already configured bitlocker policy as shown in your video but I still have to go to end user devices to turn bitlocker on for those devices that had it off Is there a way to configure this policy so it turns bitlocker on automatically without any user or admin interaction?? This has been my challenge

PDE is a topic I’m looking forward to seeing explored.

thanks for sharing and I hope you enjoy your trip! If we wanted to target a small group for testing, Bitlocker is applied at the device group level, not a user level? And if the policy fails to apply, do you have any troubleshooting tips?

Can I use the same settings in a hybrid environment?

Hi Jonathan, great informative video as always, have followed your setup, but am getting a Conflict for Choose drive encryption method and cipher strength (Windows 10 (Version 1511) and later and Require additional authentication at startup, what would you advise please ?

Nice to see you in Makati.

nice video - Bitlocker is not available in home editions of windows 10 / 11 - so I just use the built in disk encryption feature thats in my dell bios

Hi Jonathan, very helpful demo, a quick question though, if bitlocker policy was previously deployed on devices that were "Hybrid Joined Devices" and now are "Entra joined devices", the encryption is there, but the lock icon on the drive shows unlocked, should we in this case push the policy again, or manually re-enable the encryption after the device has been disconnected from a local active directory and joined through Entra.

thank you , great content . Quick question here . I have had a project where my clients wanted to have machines required to enter the PIN during boot. I have done some research and learnt that Intune does not support that out of the box and you might need to do some PowerShell to handle that through scripts and remediation's. DO you think this is possible with just Intune? can you do a Video for that?

So you don’t recommend removable data drives be used in a secure environment, but why not enable the security protections here? Do you have another policy to disable their use? And do you allow admins the ability to use usb keys for things creating driver disks and windows 11 installer keys?

will the endpoint policy overwrite encryption policies located elsewhere? and is there a way to upgrade 128 to 256 encryption on an already encrypted endpoint?

Can't believed you're in the Philippines. Are you stationed there or a company hired you?

YEAHHHHHHHHHHHHHHHHHHHHHHHHH

BitLocker creates way more problems than it