deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 13:57:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-comparison.md
Paolo Matarazzo 52ccb87cc1 updates
2023-07-25 11:42:32 +02:00

50 lines
3.4 KiB
Markdown
Raw Blame History

---
title: BitLocker deployment comparison
description: This article shows the BitLocker deployment comparison chart.
ms.topic: conceptual
ms.date: 11/08/2022
---
# BitLocker deployment comparison
This article depicts the BitLocker deployment comparison chart.
## BitLocker deployment comparison chart
| Requirements | Microsoft Intune | Microsoft Configuration Manager | Microsoft BitLocker Administration and Monitoring (MBAM) |
|--|--|--|--|
| *Minimum client operating system version* | Windows 11 and Windows 10 | Windows 11, Windows 10, and Windows 8.1 | Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 10 IoT, and Windows 11 |
| *Supported Windows SKUs* | Enterprise, Pro, Education | Enterprise, Pro, Education | Enterprise |
| *Minimum Windows version* | 1909 | None | None |
| *Supported domain-joined status* | Microsoft Azure Active Directory (Azure AD) joined, hybrid Azure AD joined | Active Directory-joined, hybrid Azure AD joined | Active Directory-joined |
| *Permissions required to manage policies* | Endpoint security manager or custom | Full administrator or custom | Domain Admin or Delegated GPO access |
| *Cloud or on premises* | Cloud | On premises | On premises |
| Server components required? | | ✅ | ✅ |
| *Additional agent required?* | No (device enrollment only) | Configuration Manager client | MBAM client |
| *Administrative plane* | Microsoft Intune admin center | Configuration Manager console | Group Policy Management Console and MBAM sites |
| *Administrative portal installation required* | | ✅ | ✅ |
| *Compliance reporting capabilities* | ✅ | ✅ | ✅ |
| *Force encryption* | ✅ | ✅ | ✅ |
| *Encryption for storage cards (mobile)* | ✅ | ✅ | |
| *Allow recovery password* | ✅ | ✅ | ✅ |
| *Manage startup authentication* | ✅ | ✅ | ✅ |
| *Select cipher strength and algorithms for fixed drives* | ✅ | ✅ | ✅ |
| *Select cipher strength and algorithms for removable drives* | ✅ | ✅ | ✅ |
| *Select cipher strength and algorithms for operating environment drives* | ✅ | ✅ | ✅ |
| *Standard recovery password storage location* | Azure AD or Active Directory | Configuration Manager site database | MBAM database |
| *Store recovery password for operating system and fixed drives to Azure AD or Active Directory* | Yes (Active Directory and Azure AD) | Yes (Active Directory only) | Yes (Active Directory only) |
| *Customize preboot message and recovery link* | ✅ | ✅ | ✅ |
| *Allow/deny key file creation* | ✅ | ✅ | ✅ |
| *Deny Write permission to unprotected drives* | ✅ | ✅ | ✅ |
| *Can be administered outside company network* | ✅ | ✅ | |
| *Support for organization unique IDs* | | ✅ | ✅ |
| *Self-service recovery* | Yes (through Azure AD or Company Portal app) | ✅ | ✅ |
| *Recovery password rotation for fixed and operating environment drives* | Yes (Windows 10, version 1909 and later) | ✅ | ✅ |
| *Wait to complete encryption until recovery information is backed up to Azure AD* | ✅ | | |
| *Wait to complete encryption until recovery information is backed up to Active Directory* | | ✅ | ✅ |
| *Allow or deny Data Recovery Agent* | ✅ | ✅ | ✅ |
| *Unlock a volume using certificate with custom object identifier* | | ✅ | ✅ |
| *Prevent memory overwrite on restart* | | ✅ | ✅ |
| *Configure custom Trusted Platform Module Platform Configuration Register profiles* | | | ✅ |
| *Manage auto-unlock functionality* | | ✅ | ✅ |
Reference in New Issue View Git Blame Copy Permalink