BitLocker policy

Sohel 1 Reputation point
2021-02-08T22:00:23.283+00:00

Hello, I'm new to BitLocker. I'm using Intune (MEM) and created 2 separate policies to enable/disable "TPM+PIN".

During my test, I noticed that once a machine has gone through the initial setup process (with/without PIN), it can't be reversed.
Meaning, whichever initial BitLocker policy was applied, the machine will stick with it regardless of whether I change and apply a different policy. Is this true?

Much appreciated!!

Microsoft Intune

1 answer

  1. Lu Dai-MSFT 28,356 Reputation points
    2021-02-09T05:58:25.257+00:00

    @Sohel Thanks for posting in our Q&A.

    For this issue, a BitLocker policy cannot be changed once deployed. So, if we want to deploy a new BitLocker policy, it is suggested to remove the device from the group the old policy is assigned to and then disable BitLocker on the Windows 10 devices manually. We can read the following link as a reference.
    https://windowsreport.com/disable-bitlocker-windows-8/
    Note: Non-Microsoft link, just for the reference.

    Currently, Intune doesn't have the ability to disable a BitLocker policy. During my research, I found another customer who posted the same request in Intune UserVoice, as below. We can vote and post our detailed request here. This is a place to collect customers' requirements and problems.
    https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/38739133-allow-ability-to-disable-bitlocker-that-is-current

    Thanks for understanding and have a nice day.


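The manual step described in the answer, as an added example that is not part of the thread and not a Microsoft-provided script: it reports whether the OS volume currently uses TPM only or TPM+PIN and, with the `-Decrypt` switch, disables BitLocker and waits for decryption to finish. It assumes an elevated PowerShell session on the Windows 10 device, after the device has been removed from the old policy's assigned group; the function name `Get-StartupProtectorMode` and the parameter names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Assumes the device has already been
# removed from the group the old BitLocker policy is assigned to.
param(
    [string]$MountPoint = $env:SystemDrive,   # OS volume, normally C:
    [switch]$Decrypt                          # without this switch the script only reports
)

function Get-StartupProtectorMode {
    param([Parameter(Mandatory)] $Volume)
    # KeyProtectorType distinguishes TPM-only from TPM+PIN on the OS volume.
    $types = @($Volume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    if     ($types -contains 'TpmPin') { 'TPM+PIN' }
    elseif ($types -contains 'Tpm')    { 'TPM only' }
    elseif ($types.Count -eq 0)        { 'none' }
    else                               { 'other: ' + ($types -join ', ') }
}

$vol = Get-BitLockerVolume -MountPoint $MountPoint
[pscustomobject]@{
    MountPoint       = $vol.MountPoint
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    EncryptedPercent = $vol.EncryptionPercentage
    StartupProtector = Get-StartupProtectorMode -Volume $vol
} | Format-List

if (-not $Decrypt) { return }

if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    Write-Output "$MountPoint is already decrypted; nothing to disable."
    return
}

# Disable-BitLocker removes all key protectors and starts decryption.
Disable-BitLocker -MountPoint $MountPoint | Out-Null

# Decryption runs in the background; poll until it completes.
do {
    Start-Sleep -Seconds 30
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    Write-Output ("{0}: {1}, {2}% still encrypted" -f $MountPoint, $vol.VolumeStatus, $vol.EncryptionPercentage)
} while ($vol.VolumeStatus -ne 'FullyDecrypted')

Write-Output "$MountPoint is fully decrypted and unprotected until a new BitLocker policy is applied."
```

Run it once without `-Decrypt` to record the current startup protector, so the result after the new policy applies can be compared against it.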