No information related to Intune Bitlocker TPM + Pin Device requirements

Warren Stevens 0 Reputation points Microsoft Employee
2024-03-19T11:40:04.2333333+00:00

No information related to Intune Bitlocker TPM + Pin Device requirements

https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices#tpm-startup-pin-or-key

Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.

1 answer

  1. Crystal-MSFT 48,766 Reputation points Microsoft Vendor
    2024-03-20T01:27:51.5966667+00:00

    @Warren Stevens, thanks for posting in Q&A. The article mentions that when "TPM startup PIN or key" is set, BitLocker can't silently enable on the device and instead requires interaction from the end user. Please confirm if you want this.

    Meanwhile, regarding the requirement for TPM startup PIN or key: after checking the BitLocker documents, I found that the device must have TPM 1.2 or a later version. A device with a TPM must also have a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware. The BIOS or UEFI firmware establishes a chain of trust for the preboot startup, and it must include support for TCG-specified Static Root of Trust Measurement. You can see more details in the following link:

    https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/#system-requirements

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
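
The requirements named in the answer above can be checked on a device before the Intune policy is assigned. The following is an added example, not part of the original thread or of Microsoft's documentation; it assumes an elevated PowerShell session on a Windows client with the BitLocker and TrustedPlatformModule modules available, and the function name `Test-TpmPinReadiness` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: reports whether the local device meets the TPM requirement
# from the answer (TPM 1.2 or later) and whether a TPM+PIN protector is present.
# It reports the firmware type only; it does not verify TCG compliance.

function Test-TpmPinReadiness {
    param([string]$MountPoint = $env:SystemDrive)

    # Win32_Tpm.SpecVersion looks like "2.0, 0, 1.38"; the first field is the TCG spec version.
    $tpmCim = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                              -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $specVersion = $null
    if ($tpmCim -and $tpmCim.SpecVersion) {
        # -as returns $null instead of throwing if the field is not a version string.
        $specVersion = (($tpmCim.SpecVersion -split ',')[0].Trim()) -as [version]
    }

    $tpmState = Get-Tpm
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # Key protectors currently on the volume (empty if BitLocker is not enabled yet).
    $volume     = Get-BitLockerVolume -MountPoint $MountPoint
    $protectors = @($volume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    [pscustomobject]@{
        TpmPresent         = $tpmState.TpmPresent
        TpmReady           = $tpmState.TpmReady
        TpmSpecVersion     = $specVersion
        MeetsTpm12OrLater  = ($null -ne $specVersion -and $specVersion -ge [version]'1.2')
        FirmwareType       = $firmware
        ProtectionStatus   = $volume.ProtectionStatus
        KeyProtectors      = $protectors -join ', '
        # TpmPin or TpmPinStartupKey means a startup PIN is already configured.
        HasTpmPinProtector = [bool]($protectors | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' })
    }
}

Test-TpmPinReadiness | Format-List
```

A device that reports `MeetsTpm12OrLater` as `False` or `TpmReady` as `False` should be remediated before the policy is targeted at it; `HasTpmPinProtector` shows whether the user has already completed the interactive PIN setup the answer describes.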

