deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/operating-system-security/data-protection/bitlocker/includes/require-device-encryption.md
Paolo Matarazzo f8d6a696f5 updates
2023-09-27 07:43:20 -04:00

1.8 KiB
Raw Blame History

author, ms.author, ms.date, ms.topic
author ms.author ms.date ms.topic
paolomatarazzo paoloma 09/24/2023 include

Require device encryption

This policy setting determines whether BitLocker is required:

  • If enabled, encryption is triggered on all drives silently or non-silently based on Allow warning for other disk encryption policy
  • If disabled, BitLocker isn't turned off for the system drive, but it stops prompting the user to turn BitLocker on.

Note

Typically, BitLocker follows the Choose drive encryption method and cipher strength policy configuration. However, this policy setting will be ignored for self-encrypting fixed drives and self-encrypting OS drives.

Encryptable fixed data volumes are treated similarly to OS volumes, but they must meet other criteria to be encryptable:

  • It must not be a dynamic volume
  • It must not be a recovery partition
  • It must not be a hidden volume
  • It must not be a system partition
  • It must not be backed by virtual storage
  • It must not have a reference in the BCD store

Note

Only full disk encryption is supported when using this policy for silent encryption. For non-silent encryption, encryption type will depend on the Enforce drive encryption type on operating system drives and Enforce drive encryption type on fixed data drives policies configured on the device.

Path
CSP ./Device/Vendor/MSFT/BitLocker/RequireDeviceEncryption
GPO Not available