diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
index c167390523..b86eb930d8 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
@@ -35,6 +35,11 @@ Starting with Windows 10 version 1703, the enablement of BitLocker can be trigge
 
 For hardware that is compliant with Modern Standby and HSTI, when using either of these features, [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) is automatically turned on whenever the user joins a device to Azure AD. Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if necessary. For older devices that aren't yet encrypted, beginning with Windows 10 version 1703, admins can use the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp/) to trigger encryption and store the recovery key in Azure AD. This process and feature is applicable to Azure Hybrid AD as well.
 
+> [!NOTE]
+> To manage Bitlocker, except to enable and disable it, one of the following licenses must be assigned to your users:
+> - Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, and E5).
+> - Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 and A5).
+
 ## Managing workplace-joined PCs and phones
 
 For Windows PCs and Windows Phones that are enrolled using **Connect to work or school account**, BitLocker Device Encryption is managed over MDM, the same as devices joined to Azure AD.