From 1c6a2007f3f85797944c0ff19e295e5e3b75e60a Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 16 Jan 2019 00:47:43 +0000 Subject: [PATCH] Merged PR 13812: Added bitlocker detail to What's New 1809 Added steps to configure Bitlocker --- windows/whats-new/whats-new-windows-10-version-1809.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index 04956b3138..d95b6a7d26 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md @@ -69,6 +69,14 @@ You can choose which encryption algorithm to apply automatic BitLocker encryptio For example, you can choose the XTS-AES 256 encryption algorithm, and have it applied to devices that would normally encrypt themselves automatically with the default XTS-AES 128 algorithm during OOBE. +To achieve this: + +1. Configure the [encryption method settings](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm. +2. [Assign the policy](https://docs.microsoft.com/intune/device-profile-assign) to your Autopilot device group. + - **IMPORTANT**: The encryption policy must be assigned to **devices** in the group, not users. +1. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices. This is also important because if the ESP is not enabled, the policy will not apply when the device boots. + + ### Windows Defender Application Guard Improvements Windows Defender Application Guard (WDAG) introduced a new user interface inside **Windows Security** in this release. Standalone users can now install and configure their Windows Defender Application Guard settings in Windows Security without needing to change registry key settings.