From d33137e0bf65103de2c2868e90baf82b0ca95ee0 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 5 Jan 2021 07:58:24 -0800 Subject: [PATCH 1/3] Update bitlocker-csp.md --- windows/client-management/mdm/bitlocker-csp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 652a24f8e4..adf3b8c44c 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -19,6 +19,9 @@ The BitLocker configuration service provider (CSP) is used by the enterprise to > Settings are enforced only at the time encryption is started. Encryption is not restarted with settings changes. > You must send all the settings together in a single SyncML to be effective. +> [!NOTE] Devices that pass Hardware Security Testability Specification (HSTI) validation or Modern +> Standby devices will not be able to configure a Startup PIN using this CSP. Users are required to manually configure the PIN. + A Get operation on any of the settings, except for RequireDeviceEncryption and RequireStorageCardEncryption, returns the setting configured by the admin. From 9d17692d214d9b40210111a0f9322dd3e8627b73 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 5 Jan 2021 08:03:33 -0800 Subject: [PATCH 2/3] Update bitlocker-csp.md --- windows/client-management/mdm/bitlocker-csp.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index adf3b8c44c..aafdb95416 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md 
@@ -19,7 +19,8 @@ The BitLocker configuration service provider (CSP) is used by the enterprise to > Settings are enforced only at the time encryption is started. Encryption is not restarted with settings changes. > You must send all the settings together in a single SyncML to be effective. -> [!NOTE] Devices that pass Hardware Security Testability Specification (HSTI) validation or Modern +> [!NOTE] +> Devices that pass Hardware Security Testability Specification (HSTI) validation or Modern > Standby devices will not be able to configure a Startup PIN using this CSP. Users are required to manually configure the PIN. A Get operation on any of the settings, except for RequireDeviceEncryption and RequireStorageCardEncryption, returns From 67149abc4a71a56cb8ac5bb02a39291d9f31a654 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 5 Jan 2021 10:12:07 -0800 Subject: [PATCH 3/3] Update bitlocker-csp.md --- windows/client-management/mdm/bitlocker-csp.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index aafdb95416..03a48da95f 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -19,10 +19,6 @@ The BitLocker configuration service provider (CSP) is used by the enterprise to > Settings are enforced only at the time encryption is started. Encryption is not restarted with settings changes. > You must send all the settings together in a single SyncML to be effective. -> [!NOTE] -> Devices that pass Hardware Security Testability Specification (HSTI) validation or Modern -> Standby devices will not be able to configure a Startup PIN using this CSP. Users are required to manually configure the PIN. - A Get operation on any of the settings, except for RequireDeviceEncryption and RequireStorageCardEncryption, returns the setting configured by the admin. 
@@ -304,6 +300,10 @@ If you disable or do not configure this setting, users can configure only basic > [!NOTE] > If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard. +> [!NOTE] +> Devices that pass Hardware Security Testability Specification (HSTI) validation or Modern +> Standby devices will not be able to configure a Startup PIN using this CSP. Users are required to manually configure the PIN. + Sample value for this node to enable this policy is: ```xml
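Review bot: in the note added by patch 1/3 (hunk `@@ -19,6 +19,9 @@`), the name "Hardware Security Testability Specification" does not spell out the acronym given for it, "(HSTI)". Confirm which term is meant and make the expansion and the acronym agree, since the same wording is carried unchanged into 2/3 and 3/3.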
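Review bot: patch 2/3 (hunk `@@ -19,7 +19,8 @@`) only moves `> [!NOTE]` onto its own line for text that 1/3 had just added, and the first hunk of 3/3 then deletes the block from this position, so the net change near line 19 across the series is nil. Squash the three commits into one that adds the note in its final location. The repeated subject "Update bitlocker-csp.md" should also be replaced with one that says which note is added and why.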
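Review bot: in the note added by the second hunk of 3/3 (`@@ -304,6 +300,10 @@`), "Users are required to manually configure the PIN" does not say how, while the note directly above it names manage-bde for its case. Name the manual method here as well. "Devices that pass ... validation or Modern Standby devices will not be able to configure a Startup PIN using this CSP" also makes the device the actor; the reader is the admin sending the policy, so state that a Startup PIN cannot be configured through this CSP on those devices. The line break between "Modern" and "Standby" splits the term and is better kept on one line.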