Disable BitLocker drive encryption in Windows 10 for OEMs

Stéphane Lalancette 191 Reputation points
2020-12-09T17:16:54.367+00:00

Hi, does anyone know how to prevent auto device encryption via Intune?

This link shows how to do it via a registry key, but we want to disable it during Autopilot provisionning during our tests.

https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-bitlocker#disable-bitlocker-automatic-device-encryption

Thank you in advance and don't hesitate if you have any questions.

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,805 questions
0 comments No comments
{count} votes

Accepted answer
  1. Jenny Feng 14,091 Reputation points
    2020-12-10T03:07:18.2+00:00

    @Stéphane Lalancette
    Hi,

    The only option you can find related to Bitlocker is "Require" or "Not configured".
    You need to create a custom OMA-URI policy to enable the setting "Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices" in Policy CSP.
    Here are some posts with the similar issue with yours, just for your reference, you can try the method mentioned by Mark_Thomas:
    https://social.msdn.microsoft.com/Forums/en-US/d9ff2e01-5e36-4aa2-8a92-31094502e1da/can-we-disable-automatic-bitlocker-encryption-on-azure-ad-join?forum=WindowsAzureAD
    Hope above information can help you.

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

0 additional answers

Sort by: Most helpful