Dell and Dynabook auto-encrypt by default if conditions are met, other brands probably do too (Lenovo do, in my experience). Maybe your expectations are reversed?
https://aps2.support.emea.dynabook.com/kb0/TSB0503YP0001R01.htm
BitLocker GPO
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 72%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBE%3C/text%3E%3C/svg%3E)
Bilal ELAMRANI
6
Reputation points
Hi All,
It was my understanding that after you configured the GPO's for BitLocker you still needed to manually enable BitLocker on each machine. I am seeing the opposite when I enable the BitLocker Drive Encryption Policy and run a gpupdate on that laptop (Dell Win 10 pro) that it automatically turns it on. I have the following GPO settings enabled:
Turn on TPM backup to Active Directory Domain Services - enabled
Require BitLocker backup to AD DS - Enabled
Store BitLocker recovery information in Active Directory Domain Services - Enabled
Allow data recovery agent - Enabled
Choose how BitLocker-protected fixed drives can be recovered - Enabled
Choose how BitLocker-protected operating system drives can be recovered - Enabled
Does anyone know why this is happening or is this some new/expected? Thanks,.
Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
Windows for business | Windows Client for IT Pros | User experience | Other
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 25%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELM%3C/text%3E%3C/svg%3E)
l m 0 Reputation points2025-07-03T15:18:47.1133333+00:00 I AM TRYING TO SETUP BITLOCKER. WHAT OPTION DO I USE FOR A COMPUTER (PC).
I PUT THE S# IN AND, IT CANNOT FIND THE DEVICE. "We don’t see any devices
Add your Surface, Xbox, or related accessory to see its warranty status and create service orders. "
Sign in to comment
2 answers
Sort by: Most helpful
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 28.999999999999996%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVW%3C/text%3E%3C/svg%3E)
Vicky Wang 2,741 Reputation points2021-02-10T08:30:32.643+00:00 Hi,
Thank you for posting in our forum.
Are the steps and methods you disabled the same as the steps belowAlthough Windows makes it possible to manually enable BitLocker encryption for a storage device, BitLocker can also be enabled and configured through the use of group policy settings. This is particularly useful for organizations who have a compliance mandate to enable BitLocker encryption for all endpoint devices.
You can access the BitLocker settings by opening the Group Policy editor and then navigating through the console tree to Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption. The BitLocker Drive Encryption folder contains ten configurable settings, as well as three subfolders, each of which contain additional settings. You can see the primary collection of settings in Figure
reference:https://specopssoft.com/blog/group-policy-configure-bitlocker/
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Best wishes
Vicky-
Bilal ELAMRANI 6 Reputation points
2021-02-10T10:01:48.38+00:00 Hi VickyWang-MFST,
Thank you for your reply,
So I have already configured GPO, my problem is weird with BitLocker,
I have two types of machines, laptop (Dell optiplex 3060) and dekstop (Dell latitude 7300), they have Win 10 entreprise, the problem is after setting up GPO, I noticed that BitLocker is automatically enabled on the laptop, but on the desktop I will have to activate each one manually.I'm trying to find out why on laptop is it automatically activated but on desktop no
-
Sign in to comment -