Share via

How to configure/setup "Enable 'Require additional authentication at startup'" on Windows devices via Intune?

Vinod Survase 4,756 Reputation points
Jun 12, 2023, 2:12 PM

How to configure/setup "Enable 'Require additional authentication at startup'" on Windows devices via Intune?

See below screenshots.

User's image

Microsoft Intune Security
Microsoft Intune Security
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
444 questions
Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,945 questions
Microsoft Intune Application management
Microsoft Intune Application management
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Application management: The process of creating, configuring, managing, and monitoring applications.
969 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,326 questions
0 comments No comments
{count} votes

Accepted answer
  1. Crystal-MSFT 50,591 Reputation points Microsoft Vendor
    Jun 13, 2023, 1:59 AM

    @Vinod Sur, Thanks for posting in Q&A. For the setting "Require additional authentication at startup'". Based on my researching, it will set

    "Configure TPM startup"

    "Configure TPM startup PIN"

    "Configure TPM startup key"

    "Configure TPM startup key and PIN"

    User's image

    https://www.prajwaldesai.com/enable-bitlocker-encryption-windows-10/

    Note: Non-Microsoft link, just for the reference.

    For such setting, in Intune, we can configure a similar setting named "Startup authentication required" under Endpoint security disk encryption policy or endpoint protection policy:

    User's image

    https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices#tpm-startup-pin-or-key

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


2 additional answers

Sort by: Most helpful
  1. Pavel yannara Mirochnitchenko 12,626 Reputation points MVP
    Jun 12, 2023, 9:02 PM

    You should find these settings under Endpoint Security \ Disk Encryption. If you will not manage this yourself, I could drop you a screenshot tomorrow of my Bitlocker settings which do cover this requirement.


  2. Pavel yannara Mirochnitchenko 12,626 Reputation points MVP
    Jun 28, 2023, 2:42 PM

    Bitlocker-API is the key element here for troubleshoting (in Event Viewer). I suggest you open new thread because you already accepted the answer here. You can tag me in there then.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.