Configure BitLocker Management for Microsoft 365 Devices

Manage BitLocker with Device Configuration Profiles

Question

You have a Microsoft 365 subscription and Microsoft 365 E5 licenses assigned to your users.

Your devices are enrolled into Microsoft Endpoint Manager, and you configure Device Configuration Profiles.

You need to create a profile to manage BitLocker on your devices.

What should you configure?

Answers

Explanations


A. B. C. D.

Correct Answer: D

You should create a Device configuration profile and add an Endpoint protection setting for managing BitLocker.

[Screenshot: Home > Devices > Endpoint protection profile for Windows 10 and later, Configuration settings tab, Windows Encryption category. Settings shown: Encrypt devices; Encrypt storage card (mobile only); BitLocker base settings (Warning for other disk encryption; Allow standard users to enable encryption during Azure AD Join; Configure encryption methods, with XTS-AES 128-bit for operating system drives, XTS-AES 128-bit for fixed data-drives, and AES-CBC 128-bit for removable data-drives); BitLocker OS drive settings (Additional authentication at startup; BitLocker with non-compatible TPM chip).]

Option A is incorrect.

This is for protecting access to organizational data.

Option B is incorrect.

This is for determining whether devices are compliant or not.

Option C is incorrect.

Defines which platforms, versions, and management types can enroll.

To know more about enabling BitLocker through endpoint protection, please refer to the link below:

The correct answer is B. Compliance Policy.

A compliance policy in Microsoft Endpoint Manager can be used to manage BitLocker on devices. BitLocker is a drive encryption feature in Windows that can help protect data on lost or stolen devices. To manage BitLocker on devices, a compliance policy can be configured with the following settings:

  1. Encryption settings: This setting allows you to configure BitLocker encryption settings, such as encryption algorithm and key length.

  2. Removable data drives: This setting allows you to require BitLocker encryption for removable data drives, such as USB flash drives.

  3. Operating system drive: This setting allows you to require BitLocker encryption for the operating system drive.

  4. Fixed data drives: This setting allows you to require BitLocker encryption for fixed data drives, such as hard drives.

  5. Recovery information: This setting allows you to require a recovery key or recovery password for BitLocker-protected drives.

By configuring these settings in a compliance policy, you can ensure that devices are encrypted with BitLocker and comply with your organization's security policies.

Option A, App protection policy, is used to manage mobile application data protection and is not related to BitLocker.

Option C, Enrollment Restrictions, is used to control the types of devices that can enroll in Microsoft Endpoint Manager and is not related to BitLocker.

Option D, Endpoint Protection, is used to manage antivirus and antimalware protection on devices and is not related to BitLocker.