Can Start-up BitLocker PIN be enabled without User Interaction?

Kashish Goyal 20 Reputation points


We want to enable BitLocker Startup PIN using Intune. Is there a way by which the PIN can be set up without user interaction?

From my understanding, we will have to set a PIN for each computer, and that requires user interaction.

Please help.

Thanks in advance

Microsoft Intune Configuration

Accepted answer
  1. Crystal-MSFT 36,671 Reputation points Microsoft Vendor

    @Kashish Goyal, Thanks for posting in Q&A. Yes, your understanding is correct. When a TPM startup PIN or startup key is required on a device, BitLocker can't silently enable on the device, and instead requires interaction from the end user. Here is a link with more details:

    Hope the above information can help.

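The constraint in the accepted answer can be checked per device. The following read-only detection script is an added example, not code from this thread or from Microsoft; it assumes the startup-authentication policy is surfaced under `HKLM:\SOFTWARE\Policies\Microsoft\FVE` and uses the Intune Remediations convention that exit code 1 flags the device as needing attention.

```powershell
# Added example: read-only detection script, to be run elevated (for example as SYSTEM).
# Assumption: BitLocker startup-authentication policy is surfaced under this key.
$fvePolicy   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policyNames = 'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN'   # 0 = do not allow, 1 = require, 2 = allow

function Get-RequiredStartupAuth {
    param([string]$Path, [string[]]$Names)
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if (-not $props) { return @() }
    # Names of the settings configured as "require" (value 1).
    return @($Names | Where-Object { $props.$_ -eq 1 })
}

function Get-OsVolumeState {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    [pscustomobject]@{
        ProtectionStatus = $vol.ProtectionStatus
        Protectors       = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    }
}

try {
    $required = Get-RequiredStartupAuth -Path $fvePolicy -Names $policyNames
    $os       = Get-OsVolumeState
} catch {
    Write-Output "Unable to query BitLocker state: $($_.Exception.Message)"
    exit 1
}

$pinOrKeyTypes = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'
$hasPinOrKey   = @($os.Protectors | Where-Object { $_ -in $pinOrKeyTypes }).Count -gt 0
$found         = $os.Protectors -join ','

if ($required.Count -eq 0) {
    # No PIN or startup key is required, so this policy does not block silent enablement.
    Write-Output "No startup PIN/key required by policy. Protectors: $found"
    exit 0
}
if ($hasPinOrKey -and $os.ProtectionStatus -eq 'On') {
    Write-Output "Policy requires $($required -join ','); matching protector present: $found"
    exit 0
}
# A PIN or startup key is required but not present: the end user has to set it.
Write-Output "Policy requires $($required -join ','); OS volume protectors: $found"
exit 1
```

Devices that exit with 1 are the ones where a user still has to be prompted for the PIN or startup key.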

1 additional answer

  1. MTG 1,126 Reputation points

    You may use scripts to deploy PINs and encrypt. Can Intune deploy scripts? It should.

    My article here holds such a script:

    It would display the PIN to the user via a popup message and (in case there's no user present) log it to a text file so that the admin may give it to the user later on.
