mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 02:13:43 +00:00
fixing some warnings
This commit is contained in:
Greg Lindsay
@ -1,54 +1,54 @@
|
||||
---
|
||||
title: Setting the BitLocker encryption algorithm for Autopilot devices
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: Microsoft Intune provides a comprehensive set of configuration options to manage BitLocker on Windows 10 devices.
|
||||
keywords: Autopilot, BitLocker, encryption, 256-bit, Windows 10
|
||||
ms.prod: w10
|
||||
ms.technology: Windows
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
ms.localizationpriority: medium
|
||||
audience: itpro
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
|
||||
# Setting the BitLocker encryption algorithm for Autopilot devices
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
|
||||
With Windows Autopilot, you can configure the BitLocker encryption settings to be applied before automatic encryption is started. This ensures that the default encrytion algorithm is not applied automatically when this is not the desired setting. Other BitLocker policies that must be applied prior to encryption can also be delivered before automatic BitLocker encryption begins.
|
||||
|
||||
The BitLocker encryption algorithm is used when BitLocker is first enabled, and sets the strength to which full volume encryption should occur. Available encryption algorithms are: AES-CBC 128-bit, AES-CBC 256-bit, XTS-AES 128-bit or XTS-AES 256-bit encryption. The default value is XTS-AES 128-bit encryption. See [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp) for information about the recommended encryption algorithms to use.
|
||||
|
||||
To ensure the desired BitLocker encryption algorithm is set before automatic encryption occurs for Autopilot devices:
|
||||
|
||||
1. Configure the [encryption method settings](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm.
|
||||
2. [Assign the policy](https://docs.microsoft.com/intune/device-profile-assign) to your Autopilot device group.
|
||||
- **IMPORTANT**: The encryption policy must be assigned to **devices** in the group, not users.
|
||||
3. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices.
|
||||
- **IMPORTANT**: If the ESP is not enabled, the policy will not apply before encryption starts.
|
||||
|
||||
An example of Microsoft Intune Windows Encryption settings is shown below.
|
||||
|
||||
|
||||
|
||||
Note that a device which is encrypted automatically will need to be decrypted prior to changing the encyption algorithm.
|
||||
|
||||
The settings are available under Device Configuration -> Profiles -> Create profile -> Platform = Windows 10 and later, Profile type = Endpoint protection -> Configure -> Windows Encryption -> BitLocker base settings, Configure encryption methods = Enable.
|
||||
|
||||
Note: It is also recommended to set Windows Encryption -> Windows Settings -> Encrypt = **Require**.
|
||||
|
||||
## Requirements
|
||||
|
||||
Windows 10, version 1809 or later.
|
||||
|
||||
## See also
|
||||
|
||||
---
|
||||
title: Setting the BitLocker encryption algorithm for Autopilot devices
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: Microsoft Intune provides a comprehensive set of configuration options to manage BitLocker on Windows 10 devices.
|
||||
keywords: Autopilot, BitLocker, encryption, 256-bit, Windows 10
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
ms.localizationpriority: medium
|
||||
audience: itpro
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
|
||||
# Setting the BitLocker encryption algorithm for Autopilot devices
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
|
||||
With Windows Autopilot, you can configure the BitLocker encryption settings to be applied before automatic encryption is started. This ensures that the default encrytion algorithm is not applied automatically when this is not the desired setting. Other BitLocker policies that must be applied prior to encryption can also be delivered before automatic BitLocker encryption begins.
|
||||
|
||||
The BitLocker encryption algorithm is used when BitLocker is first enabled, and sets the strength to which full volume encryption should occur. Available encryption algorithms are: AES-CBC 128-bit, AES-CBC 256-bit, XTS-AES 128-bit or XTS-AES 256-bit encryption. The default value is XTS-AES 128-bit encryption. See [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp) for information about the recommended encryption algorithms to use.
|
||||
|
||||
To ensure the desired BitLocker encryption algorithm is set before automatic encryption occurs for Autopilot devices:
|
||||
|
||||
1. Configure the [encryption method settings](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm.
|
||||
2. [Assign the policy](https://docs.microsoft.com/intune/device-profile-assign) to your Autopilot device group.
|
||||
- **IMPORTANT**: The encryption policy must be assigned to **devices** in the group, not users.
|
||||
3. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices.
|
||||
- **IMPORTANT**: If the ESP is not enabled, the policy will not apply before encryption starts.
|
||||
|
||||
An example of Microsoft Intune Windows Encryption settings is shown below.
|
||||
|
||||
|
||||
|
||||
Note that a device which is encrypted automatically will need to be decrypted prior to changing the encyption algorithm.
|
||||
|
||||
The settings are available under Device Configuration -> Profiles -> Create profile -> Platform = Windows 10 and later, Profile type = Endpoint protection -> Configure -> Windows Encryption -> BitLocker base settings, Configure encryption methods = Enable.
|
||||
|
||||
Note: It is also recommended to set Windows Encryption -> Windows Settings -> Encrypt = **Require**.
|
||||
|
||||
## Requirements
|
||||
|
||||
Windows 10, version 1809 or later.
|
||||
|
||||
## See also
|
||||
|
||||
[Bitlocker overview](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview)
|
||||
|
||||
@ -1,39 +1,39 @@
|
||||
---
|
||||
title: Windows Autopilot Enrollment Status Page
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: Gives an overview of the Enrollment Status Page capabilities, configuration
|
||||
keywords: Autopilot Plug and Forget, Windows 10
|
||||
ms.prod: w10
|
||||
ms.technology: Windows
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
ms.localizationpriority: medium
|
||||
audience: itpro
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
|
||||
# Windows Autopilot Enrollment Status Page
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1803 and later
|
||||
|
||||
The Enrollment Status Page (ESP) displays the status of the complete device configuration process when an MDM managed user signs into a device for the very first time. The ESP will help users understand the progress of device provisioning and ensures the device has met the organizations desired state before the user can access the desktop for the first time.
|
||||
|
||||
The ESP will track the installation of applications, security policies, certificates and network connections. Within Intune, an administrator can deploy ESP profiles to a licensed Intune user and configure specific settings within the ESP profile; a few of these settings are: force the installation of specified applications, allow users to collect troubleshooting logs, specify what a user can do if device setup fails. For more information, see how to set up the [Enrollment Status Page in Intune](https://docs.microsoft.com/intune/windows-enrollment-status).
|
||||
|
||||
|
||||
|
||||
|
||||
## More information
|
||||
|
||||
For more information on configuring the Enrollment Status Page, see the [Microsoft Intune documentation](https://docs.microsoft.com/intune/windows-enrollment-status).<br>
|
||||
For details about the underlying implementation, see the [FirstSyncStatus details in the DMClient CSP documentation](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp).<br>
|
||||
For more information about blocking for app installation:
|
||||
- [Blocking for app installation using Enrollment Status Page](https://blogs.technet.microsoft.com/mniehaus/2018/12/06/blocking-for-app-installation-using-enrollment-status-page/).
|
||||
---
|
||||
title: Windows Autopilot Enrollment Status Page
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: Gives an overview of the Enrollment Status Page capabilities, configuration
|
||||
keywords: Autopilot Plug and Forget, Windows 10
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
ms.localizationpriority: medium
|
||||
audience: itpro
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
|
||||
# Windows Autopilot Enrollment Status Page
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1803 and later
|
||||
|
||||
The Enrollment Status Page (ESP) displays the status of the complete device configuration process when an MDM managed user signs into a device for the very first time. The ESP will help users understand the progress of device provisioning and ensures the device has met the organizations desired state before the user can access the desktop for the first time.
|
||||
|
||||
The ESP will track the installation of applications, security policies, certificates and network connections. Within Intune, an administrator can deploy ESP profiles to a licensed Intune user and configure specific settings within the ESP profile; a few of these settings are: force the installation of specified applications, allow users to collect troubleshooting logs, specify what a user can do if device setup fails. For more information, see how to set up the [Enrollment Status Page in Intune](https://docs.microsoft.com/intune/windows-enrollment-status).
|
||||
|
||||
|
||||
|
||||
|
||||
## More information
|
||||
|
||||
For more information on configuring the Enrollment Status Page, see the [Microsoft Intune documentation](https://docs.microsoft.com/intune/windows-enrollment-status).<br>
|
||||
For details about the underlying implementation, see the [FirstSyncStatus details in the DMClient CSP documentation](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp).<br>
|
||||
For more information about blocking for app installation:
|
||||
- [Blocking for app installation using Enrollment Status Page](https://blogs.technet.microsoft.com/mniehaus/2018/12/06/blocking-for-app-installation-using-enrollment-status-page/).
|
||||
- [Support Tip: Office C2R installation is now tracked during ESP](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Office-C2R-installation-is-now-tracked-during-ESP/ba-p/295514).
|
||||
|
||||
Reference in New Issue
Block a user