How to initiate Bitlocker from AD

RockmanIT 256 Reputation points

Could someone explain to me what GPO I would have to set up for my BitLocker policy that would allow me to start encrypting on any given machine from AD when I want it to encrypt? I would rather do this so that machines don't start automatically encrypting once I add them to the BitLocker policy that I already have set up in AD. Any feedback would help.

Accepted answer
  1. Jenny Feng 14,096 Reputation points

    Based on my research, if you don't have something like SCCM\Intune\MBAM also set to encrypt the devices, Group Policy alone isn't able to BitLocker a machine.
    Of the available GPO settings, the one that is arguably the most important to configure is Store BitLocker Recovery Information in Active Directory Domain Services.
    If the machines start encrypting automatically: "Connected Standby" devices will automatically enable BitLocker during setup or OOBE (even if automated), so depending on the machines in question this could be expected behavior.

    Hope the above information can help you.


    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread

    0 comments No comments

1 additional answer

  1. MTG 1,201 Reputation points

    If you have MBAM, use it. Else, use task scheduler and batch. See my article:

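Following MTG's scheduled-task suggestion and the GPO setting Jenny Feng names, here is an added PowerShell example (not from this thread and not MTG's article) that turns BitLocker on for one machine on demand, escrowing the recovery password to AD DS before protection is enabled; the parameter names and log path are this example's own assumptions.

```powershell
# Added example (not MTG's article): on-demand BitLocker enablement for a
# domain-joined PC, meant to run as SYSTEM from a scheduled task or remote
# PowerShell. Assumes the GPO "Store BitLocker recovery information in
# Active Directory Domain Services" already applies to the machine, so the
# recovery password can be escrowed to AD before protection is turned on.
# Parameter names and the log path are this example's own choices.
param(
    [string]$MountPoint = "C:",
    [string]$LogPath    = "$env:ProgramData\BitLockerEnable.log"
)

function Write-Log([string]$Message) {
    "$(Get-Date -Format s) $Message" | Tee-Object -FilePath $LogPath -Append
}

# 1. Pre-flight: a TPM must be present and ready for a TPM protector.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    Write-Log "TPM not present or not ready on this machine; aborting."
    exit 1
}

# 2. Idempotency: do nothing if the volume is already encrypting or encrypted.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.VolumeStatus -ne "FullyDecrypted") {
    Write-Log "$MountPoint is $($vol.VolumeStatus); nothing to do."
    exit 0
}

# 3. Add a recovery password first and escrow it to AD DS. If the backup fails
#    (machine off the domain network, GPO not applied), roll back so a drive is
#    never left protected by a recovery key nobody can retrieve from AD.
Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 `
    -RecoveryPasswordProtector -SkipHardwareTest | Out-Null
$rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
      Where-Object KeyProtectorType -eq "RecoveryPassword"
try {
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId -ErrorAction Stop
    Write-Log "Recovery password $($rp.KeyProtectorId) escrowed to AD DS."
} catch {
    Write-Log "AD escrow failed: $_ ; rolling back (decrypting $MountPoint)."
    Disable-BitLocker -MountPoint $MountPoint | Out-Null
    exit 1
}

# 4. Bind the volume to the TPM so it unlocks without a recovery prompt at boot.
Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null
Write-Log "BitLocker enabled on $MountPoint; encryption continues in the background."
```

Register it once with `schtasks` or `Register-ScheduledTask` under the SYSTEM account and trigger it remotely only for the machines you want encrypted, which gives the on-demand behaviour the question asks for without the GPO itself starting encryption.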