Can Start-up BitLocker PIN be enabled without User Interaction?

Kashish Goyal 20 Reputation points
2023-10-31T01:46:28.1866667+00:00

Hi,

We want to enable BitLocker Startup PIN using Intune. Is there a way by which the PIN can be setup without User interaction.

From my understanding, we will have to set PIN for each computer and requires user interaction.

Please help.

Thanks in advance

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,881 questions
0 comments No comments
{count} votes

Accepted answer
  1. Crystal-MSFT 48,001 Reputation points Microsoft Vendor
    2023-10-31T06:12:47.0733333+00:00

    @Kashish Goyal, Thanks for posting in Q&A. Yes, your understanding is correct. When a TPM startup PIN or startup key is required on a device, BitLocker can't silently enable on the device, and instead requires interaction from the end user. Here is a link with more details:

    https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices#tpm-startup-pin-or-key

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1 additional answer

Sort by: Most helpful
  1. MTG 1,206 Reputation points
    2023-11-03T13:21:25.8333333+00:00

    You may use scripts to deploy PINs and encrypt. Can INtune deploy script? It should.

    My article here holds such a script:

    https://www.experts-exchange.com/articles/33771/We-have-bitlocker-so-we-need-MBAM-too.html

    It would display the PIN to the user via popup-message and (in case there's no user present) log it to a text file so that the admin may give it to the user later on.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.