mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-28 05:07:23 +00:00
2.6 KiB
2.6 KiB
title, description, ms.topic, ms.date
| title | description | ms.topic | ms.date |
|---|---|---|---|
| BitLocker deployment comparison | Learn about the differences between Microsoft Intune and Microsoft Configuration Manager when managing BitLocker. | conceptual | 10/02/2023 |
BitLocker deployment comparison
This article compares the BitLocker management options between Microsoft Intune and Microsoft Configuration Manager.
| Requirements | Microsoft Intune | Microsoft Configuration Manager |
|---|---|---|
| Supported Windows client editions | Pro, Enterprise, Pro Education, Education | Pro, Enterprise, Pro Education, Education |
| Windows server support | ✅ | |
| Supported domain-joined status | Microsoft Entra joined and hybrid joined | Active Directory-joined, Microsoft Entra hybrid joined |
| Permissions required to manage policies | Endpoint security manager or custom | Full administrator or custom |
| Cloud or on premises | Cloud | On premises |
| Additional agent required? | No (device enrollment only) | Configuration Manager client |
| Administrative plane | Microsoft Intune admin center | Configuration Manager console |
| Compliance reporting capabilities | ✅ | ✅ |
| Force encryption | ✅ | ✅ |
| Allow recovery password | ✅ | ✅ |
| Manage startup authentication | ✅ | ✅ |
| Select cipher strength and algorithms for fixed drives | ✅ | ✅ |
| Select cipher strength and algorithms for removable drives | ✅ | ✅ |
| Select cipher strength and algorithms for operating environment drives | ✅ | ✅ |
| Standard recovery password storage location | Microsoft Entra ID or Active Directory | Configuration Manager site database |
| Store recovery password for operating system and fixed drives to Microsoft Entra ID or Active Directory | Both | Active Directory only |
| Customize preboot message and recovery link | ✅ | ✅ |
| Allow/deny key file creation | ✅ | ✅ |
| Deny Write permission to unprotected drives | ✅ | ✅ |
| Can be administered outside company network | ✅ | ✅ |
| Support for organization unique IDs | ✅ | ✅ |
| Self-service recovery | ✅ | ✅ |
| Recovery password rotation for fixed and operating environment drives | ✅ | ✅ |
| Wait to complete encryption until recovery information is backed up to Microsoft Entra ID | ✅ | |
| Wait to complete encryption until recovery information is backed up to Active Directory | ✅ | ✅ |
| Allow or deny Data Recovery Agent | ✅ | |
| Unlock a volume using certificate with custom object identifier | ✅ | |
| Prevent memory overwrite on restart | ✅ | ✅ |
| Manage auto-unlock functionality | ✅ | ✅ |