This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 82%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
How to configure/setup "Enable 'Require additional authentication at startup'" on Windows devices via Intune?
See below screenshots.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Vinod Sur, Thanks for posting in Q&A. For the setting "Require additional authentication at startup'". Based on my researching, it will set
"Configure TPM startup"
"Configure TPM startup PIN"
"Configure TPM startup key"
"Configure TPM startup key and PIN"
https://www.prajwaldesai.com/enable-bitlocker-encryption-windows-10/
Note: Non-Microsoft link, just for the reference.
For such setting, in Intune, we can configure a similar setting named "Startup authentication required" under Endpoint security disk encryption policy or endpoint protection policy:
https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices#tpm-startup-pin-or-key
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thanks @Crystal-MSFT
I will check these links and work on this.
@Vinod Sur, Thanks for the reply. If anything else we can help, feel free to let us know.
Thanks for reply. @Crystal-MSFT
Wanted to know do we need to configure below options as well or not required or keep them as default?
For compatibility, set those to Allowed
@Vinod Survase, Thanks for your reply. These are all settings related to configuring BitLocker to use the Trusted Platform Module (TPM) chip for additional security. Whether you need to set these settings or not depends on your organization's security requirements.
If you want to enable the use of TPM as an additional authentication factor in BitLocker, you need to configure these settings.
Here's what each setting does:
Please note that these settings are mutually exclusive. If one is required, the others are blocked. If you want them, you can consider set them as allow.
Thanks @Crystal-MSFT I will make this settings.
You should find these settings under Endpoint Security \ Disk Encryption. If you will not manage this yourself, I could drop you a screenshot tomorrow of my Bitlocker settings which do cover this requirement.
Thanks @Pavel yannara Mirochnitchenko
Please share the screenshot
Hi @Pavel yannara Mirochnitchenko
I have configured same as yours but I am getting this error message. When I don't select any option in last this option it gets saved
And when selected it does not get save and throwing this below error.
Try to save it in parts, configure smaller amount of settings at once.
Hi @Pavel yannara Mirochnitchenko
I made these settings and saved it but its not working at all. Do I need to restart shutdown the device and this setting should kick in? or when this settings takes place?
You need to go through Bitlocker-API node in Event Viewer, those logs will show you what is really happening. Also it is not bad idea to create new Bitlocker policies from scratch. Editing policies might break things.
Hi @Pavel yannara Mirochnitchenko
I have created brand new policy from Endpoint security but it was giving me above error and it did not pick or work yet.
Can you suggest me more on this? How to resolve or make it to work as expected.
Bitlocker-API is the key element here for troubleshoting (in Event Viewer). I suggest you open new thread because you already accepted the answer here. You can tag me in there then.
Hi @Pavel yannara Mirochnitchenko
Sure I will create new question and add you there.