From e149c6257ea466a8fafc79a9015d90f1331ff88c Mon Sep 17 00:00:00 2001 From: Rafal Sosnowski <51166236+rafals2@users.noreply.github.com> Date: Fri, 2 Dec 2022 15:09:31 -0800 Subject: [PATCH 1/2] Update bitlocker-management-for-enterprises.md --- .../bitlocker/bitlocker-management-for-enterprises.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index e3bea9928b..3acad9a900 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -37,6 +37,12 @@ Starting with Windows 10 version 1703, the enablement of BitLocker can be trigge For hardware that is compliant with Modern Standby and HSTI, when using either of these features, [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) is automatically turned on whenever the user joins a device to Azure AD. Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if necessary. For older devices that aren't yet encrypted, beginning with Windows 10 version 1703, admins can use the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp/) to trigger encryption and store the recovery key in Azure AD. This process and feature is applicable to Azure Hybrid AD as well. +Note: +Managing BitLocker except for enabling and disabling it requires one of the following licenses to be assigned to your users: +-Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) +-Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5) + + ## Managing workplace-joined PCs and phones For Windows PCs and Windows Phones that are enrolled using **Connect to work or school account**, BitLocker Device Encryption is managed over MDM, the same as devices joined to Azure AD. From dfa3662f265e9d40fc6df0c0b395e2d917d9f150 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 22 Dec 2022 18:00:50 -0800 Subject: [PATCH 2/2] Update windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../bitlocker/bitlocker-management-for-enterprises.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index 3acad9a900..5c994ae869 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -37,11 +37,10 @@ Starting with Windows 10 version 1703, the enablement of BitLocker can be trigge For hardware that is compliant with Modern Standby and HSTI, when using either of these features, [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) is automatically turned on whenever the user joins a device to Azure AD. Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if necessary. For older devices that aren't yet encrypted, beginning with Windows 10 version 1703, admins can use the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp/) to trigger encryption and store the recovery key in Azure AD. This process and feature is applicable to Azure Hybrid AD as well. -Note: -Managing BitLocker except for enabling and disabling it requires one of the following licenses to be assigned to your users: --Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) --Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5) - +> [!NOTE] +> To manage Bitlocker, except to enable and disable it, one of the following licenses must be assigned to your users: +> - Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, and E5). +> - Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 and A5). ## Managing workplace-joined PCs and phones