Encrypting Windows 10 Devices with Microsoft 365 E5 Subscription | Endpoint Manager Policy Configuration | Exam MS-500 Microsoft 365 Security Administration

Encrypting Windows 10 Devices

Question

You have a Microsoft 365 E5 subscription and manage your devices in Endpoint Manager.

You have a mix of Windows 10 and macOS devices.

You want to create a policy to encrypt your Windows 10 devices.

What should you configure?

Answers

A. PointSec
B. FileVault
C. BitLocker
D. Pretty Good Privacy (PGP)

Explanations

Correct Answer: C

BitLocker is used for encrypting Windows 10 devices in Endpoint Manager.

Configure BitLocker by setting up a Device Configuration Profile with the type Endpoint Protection.

Option A is incorrect.

PointSec is an encryption product delivered by Check Point Software.

It is not configurable through Endpoint Manager policy.

Option B is incorrect.

FileVault is used for encrypting macOS devices.

Option D is incorrect.

Pretty Good Privacy (PGP) is an encryption product for sending encrypted emails and encrypting sensitive files.

It is not configurable through Endpoint Manager policy.


The correct answer to this question is C. BitLocker.

BitLocker is a full-disk encryption tool that is built into Windows 10, which can be used to protect the data on a Windows 10 device from unauthorized access. It provides encryption for the entire operating system volume, including system files and user data. With BitLocker, you can also protect removable drives and specify how to unlock protected drives.

To configure BitLocker in Endpoint Manager, you need to create a device configuration profile that includes the BitLocker settings you want to apply to your Windows 10 devices. These settings include:

  1. Choose which encryption method to use: BitLocker provides two encryption methods, AES 128-bit and AES 256-bit. You can choose the encryption method that best suits your needs.

  2. Choose which encryption mode to use: BitLocker provides two encryption modes, TPM-only mode and TPM with startup key mode. TPM-only mode uses the Trusted Platform Module (TPM) chip on the device to store the encryption key, while TPM with startup key mode requires a startup key in addition to the TPM.

  3. Choose how to unlock the drive: You can configure BitLocker to unlock the drive using a password, a smart card, or a USB drive.

  4. Choose how to recover the drive: If the encryption key is lost or the device fails to start, you can use a recovery key to regain access to the encrypted drive. You can store the recovery key in Active Directory, in Azure AD, or in a file.

Once you have created the device configuration profile, you can assign it to the Windows 10 devices you want to encrypt. The devices will then be encrypted according to the settings you configured in the profile.
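After the profile is assigned, the result can be checked on a device against the four settings listed above. The following PowerShell is an added example, not part of the original page: `Test-BitLockerBaseline` is a hypothetical helper name, the 256-bit requirement is an assumed baseline, and the property names are those returned by the built-in `Get-BitLockerVolume` cmdlet.

```powershell
# Added example: audits a volume object against the profile settings discussed above.
function Test-BitLockerBaseline {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Volume,
        [int] $RequiredKeyBits = 256   # assumption: the profile mandates 256-bit AES
    )
    process {
        # Collect the key protector types as strings (enum values on a real device).
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $findings = @()
        if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
            $findings += "Volume status is $($Volume.VolumeStatus), not FullyEncrypted"
        }
        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            $findings += 'Protection is off or suspended'
        }
        if ("$($Volume.EncryptionMethod)" -notmatch "Aes$RequiredKeyBits") {
            $findings += "Encryption method $($Volume.EncryptionMethod) is not $RequiredKeyBits-bit AES"
        }
        # Covers TPM-only and TPM combined with a startup key or PIN.
        if (-not ($types -like 'Tpm*')) {
            $findings += 'No TPM-based key protector'
        }
        # Without a recovery password there is nothing to escrow for recovery.
        if ($types -notcontains 'RecoveryPassword') {
            $findings += 'No recovery password protector to escrow'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Compliant  = ($findings.Count -eq 0)
            Findings   = $findings
        }
    }
}

# Constructed sample shaped like Get-BitLockerVolume output (not from a real device).
$sample = [pscustomobject]@{
    MountPoint       = 'C:'
    VolumeStatus     = 'FullyEncrypted'
    ProtectionStatus = 'On'
    EncryptionMethod = 'XtsAes128'
    KeyProtector     = @([pscustomobject]@{ KeyProtectorType = 'Tpm' })
}
$sample | Test-BitLockerBaseline | Format-List

# On a managed device, from an elevated prompt:
#   Get-BitLockerVolume -MountPoint $env:SystemDrive | Test-BitLockerBaseline
```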

Note that for macOS devices, you would use FileVault as the encryption tool. PointSec and PGP are not commonly used encryption tools for Windows 10 devices.