New Contributor

Hello, 

We are in the process of migrating our Drive Encryption solution to Bitlocker. We successfully migrated the majority of our clients with TPM to Bitlocker by using Intune Configuration Profiles. 

The issue we are facing now is that we need to enable Bitlocker on devices without TPM. Users are not local admins so they cannot complete the Bitlocker Wizard.

I have played around with different Intune Profiles, Encryption Policies and custom OMA-URI but the closest I get is through the first prompt regarding 3rd party encryption and then I get UAC prompt to elevate. 

 

Is there a configuration that allows me to enable Bitlocker on devices that do not have TPM, without requiring IT to have to manually touch each device?

 

Some screenshot of settings below... I have tried with the "Compatible TPM Startup" as Blocker / Not Configured / Allowed... 

Gian202b_0-1631906302779.png

Gian202b_1-1631906417758.png

 

@Darkmenance Thanks for your reply, but no these don't really apply to my situation as they are all GPO. 

My specific situation requires Intune policy as well as the fact the users don't have admin rights.

HIi @Gian202b

 

I have implemented BDE (Bit-locker Drive Encryption) around 120 remote devices, I used Quick Assist (Windows 10 built-in remote access tool) to implement BDE. Quick Assist doesn't support to launch the application in elevated mode; however, I wrote a cmd script that I execute on the remote devices.

www.000webhost.com