deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:MicrosoftDocs/windows-docs-pr into pm-8548913-start

Browse Source
This commit is contained in:
Paolo Matarazzo 2024-03-18 13:57:06 -04:00
commit faaf0194e2
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
windows/client-management/mdm/bitlocker-csp.md
View File

@ -16,13 +16,19 @@ ms.date: 01/18/2024
The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it's also supported in Windows 10 Pro. The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it's also supported in Windows 10 Pro.
> [!NOTE] > [!NOTE]
> To manage BitLocker through CSP except to enable and disable it using the `RequireDeviceEncryption` policy, one of the following licenses must be assigned to your users regardless of your management platform:
> >
> - Settings are enforced only at the time encryption is started. Encryption isn't restarted with settings changes. > - Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, and E5).
> - You must send all the settings together in a single SyncML to be effective. > - Windows 10/11 Enterprise A3 or A5 (included in Microsoft 365 A3 and A5).
A `Get` operation on any of the settings, except for `RequireDeviceEncryption` and `RequireStorageCardEncryption`, returns the setting configured by the admin. A `Get` operation on any of the settings, except for `RequireDeviceEncryption` and `RequireStorageCardEncryption`, returns the setting configured by the admin.
For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation returns the actual status of enforcement to the admin, such as if Trusted Platform Module (TPM) protection is required and if encryption is required. And if the device has BitLocker enabled but with password protector, the status reported is 0. A Get operation on RequireDeviceEncryption doesn't verify that a minimum PIN length is enforced (SystemDrivesMinimumPINLength). For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation returns the actual status of enforcement to the admin, such as if Trusted Platform Module (TPM) protection is required and if encryption is required. And if the device has BitLocker enabled but with password protector, the status reported is 0. A Get operation on RequireDeviceEncryption doesn't verify that a minimum PIN length is enforced (SystemDrivesMinimumPINLength).
> [!NOTE]
>
> - Settings are enforced only at the time encryption is started. Encryption isn't restarted with settings changes.
> - You must send all the settings together in a single SyncML to be effective.
<!-- BitLocker-Editable-End --> <!-- BitLocker-Editable-End -->
<!-- BitLocker-Tree-Begin --> <!-- BitLocker-Tree-Begin -->
@ -654,7 +660,7 @@ Sample value for this node to enable this policy is: `<enabled/>`
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. --> <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
**Example**: **Example**:
To disable this policy, use hte following SyncML: To disable this policy, use the following SyncML:
```xml ```xml
<Replace> <Replace>