From 4f941d1f87d4bb476c3080b71179da2763fa519d Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Fri, 15 Mar 2024 11:31:29 -0600 Subject: [PATCH 1/3] Update note in BitLocker CSP --- windows/client-management/mdm/bitlocker-csp.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index d9cf189c9a..3daf3023c2 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -16,13 +16,19 @@ ms.date: 01/18/2024 The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it's also supported in Windows 10 Pro. > [!NOTE] +> To manage BitLocker through CSP except to enable and disable it using the `RequireDeviceEncryption` policy, regardless of your management platform, one of the following licenses must be assigned to your users: > -> - Settings are enforced only at the time encryption is started. Encryption isn't restarted with settings changes. -> - You must send all the settings together in a single SyncML to be effective. +> - Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, and E5). +> - Windows 10/11 Enterprise A3 or A5 (included in Microsoft 365 A3 and A5). A `Get` operation on any of the settings, except for `RequireDeviceEncryption` and `RequireStorageCardEncryption`, returns the setting configured by the admin. For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation returns the actual status of enforcement to the admin, such as if Trusted Platform Module (TPM) protection is required and if encryption is required. And if the device has BitLocker enabled but with password protector, the status reported is 0. A Get operation on RequireDeviceEncryption doesn't verify that a minimum PIN length is enforced (SystemDrivesMinimumPINLength). + +> [!NOTE] +> +> - Settings are enforced only at the time encryption is started. Encryption isn't restarted with settings changes. +> - You must send all the settings together in a single SyncML to be effective. From 0ce7c4200022a37b5077db1d2a0b1e3ec24c5c09 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Fri, 15 Mar 2024 11:37:51 -0600 Subject: [PATCH 2/3] Minor change --- windows/client-management/mdm/bitlocker-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 3daf3023c2..77ce431acb 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -16,7 +16,7 @@ ms.date: 01/18/2024 The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it's also supported in Windows 10 Pro. > [!NOTE] -> To manage BitLocker through CSP except to enable and disable it using the `RequireDeviceEncryption` policy, regardless of your management platform, one of the following licenses must be assigned to your users: +> To manage BitLocker through CSP except to enable and disable it using the `RequireDeviceEncryption` policy, one of the following licenses must be assigned to your users regardless of your management platform: > > - Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, and E5). > - Windows 10/11 Enterprise A3 or A5 (included in Microsoft 365 A3 and A5). From 4bae06ab07e82acae5a214a2d124cadced6a24fa Mon Sep 17 00:00:00 2001 From: Stacyrch140 <102548089+Stacyrch140@users.noreply.github.com> Date: Mon, 18 Mar 2024 13:41:21 -0400 Subject: [PATCH 3/3] pencil edit --- windows/client-management/mdm/bitlocker-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 77ce431acb..647b90ac50 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -660,7 +660,7 @@ Sample value for this node to enable this policy is: `` **Example**: -To disable this policy, use hte following SyncML: +To disable this policy, use the following SyncML: ```xml