We are in the process of migrating our Drive Encryption solution to BitLocker. We successfully migrated the majority of our clients with a TPM to BitLocker by using Intune Configuration Profiles.

The issue we are facing now is that we need to enable BitLocker on devices without a TPM. Users are not local admins, so they cannot complete the BitLocker Wizard.

I have played around with different Intune Profiles, Encryption Policies and custom OMA-URIs, but the closest I get is through the first prompt regarding 3rd party encryption, and then I get a UAC prompt to elevate.

Is there a configuration that allows me to enable BitLocker on devices that do not have a TPM, without requiring IT to manually touch each device?

Some screenshots of settings below... I have tried with "Compatible TPM Startup" set to Blocked / Not Configured / Allowed...