BitLocker disk encryption
BitLocker has been available since the first release of Windows Vista and gives the option to encrypt the drives attached to the endpoint. In most cases, BitLocker works in conjunction with the Trusted Platform Module (TPM) chip in your endpoint.
As long as you can authenticate to your device and you are not moving the OS disk out of the endpoint and exchanging it for another device, it's unlikely that you will ever need the BitLocker key associated with your device disk to decrypt everything. The help desk operator role will be able to access all the keys when a restore is needed.
- To enable BitLocker for your Windows 10 or Windows 11 endpoints, you have to go to Endpoint security, followed by Disk encryption.
Note
BitLocker is not yet supported on Windows 365.
- Click on Create Policy.
- Select Windows 10 and later as the platform with BitLocker for Profile.
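Once a disk encryption policy has reached an endpoint, the state described above (TPM-backed protection, plus a recovery key the help desk can look up) can be checked locally. The following PowerShell is an added example, not part of the original text; the function name `Test-BitLockerPosture` is hypothetical, and it assumes an elevated session on a Windows 10 or Windows 11 endpoint with the built-in BitLocker and TrustedPlatformModule modules.

```powershell
#Requires -RunAsAdministrator
# Added example: report whether the OS volume is encrypted, bound to the TPM,
# and has a recovery password protector. Test-BitLockerPosture is a
# hypothetical helper name, not an Intune or Windows cmdlet.

function Test-BitLockerPosture {
    param([string]$MountPoint = $env:SystemDrive)

    $tpm = Get-Tpm
    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # Collect protector types as strings (Tpm, TpmPin, RecoveryPassword, ...).
    $types    = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    [pscustomobject]@{
        MountPoint           = $vol.MountPoint
        TpmPresent           = $tpm.TpmPresent
        TpmReady             = $tpm.TpmReady
        VolumeStatus         = $vol.VolumeStatus
        ProtectionOn         = ($vol.ProtectionStatus -eq 'On')
        EncryptionPercent    = $vol.EncryptionPercentage
        HasTpmProtector      = (@($types -match '^Tpm').Count -gt 0)
        # Only the protector IDs are reported; the recovery password itself
        # is deliberately never written to output or logs.
        RecoveryProtectorIds = @($recovery | ForEach-Object { $_.KeyProtectorId })
    }
}

$posture = Test-BitLockerPosture
$gaps = @()
if (-not $posture.TpmPresent)      { $gaps += 'No TPM detected' }
elseif (-not $posture.TpmReady)    { $gaps += 'TPM present but not ready' }
if (-not $posture.ProtectionOn)    { $gaps += 'BitLocker protection is off or suspended' }
if ($posture.EncryptionPercent -lt 100) { $gaps += "Encryption at $($posture.EncryptionPercent)%" }
if (-not $posture.HasTpmProtector) { $gaps += 'No TPM-based key protector on the OS volume' }
if ($posture.RecoveryProtectorIds.Count -eq 0) {
    $gaps += 'No recovery password protector, so there is no key to escrow or restore'
}

$posture | Format-List
if ($gaps.Count -eq 0) {
    Write-Output 'OK: OS volume is protected and has a recovery protector.'
} else {
    Write-Warning "Gaps found:`n - $($gaps -join "`n - ")"
}
```

The protector IDs it prints can be matched against the key ID shown with a stored recovery key, which confirms that the key on record belongs to this disk.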