Share via

BitLocker Auto-Encryption Without user Interaction

Emma Brooks 0 Reputation points
2026-06-25T06:38:18.73+00:00

Hello commnunity, We are shipping brand new laptops directly from the factory to remote employees via Autopilot. We want BitLocker to fully encrypt the system drive silently during the device provisioning phase, before the user logs in, without prompting them for local administrative rights or confirmation. What specific setting in our Intune Endpoint Security policy achieves this? Thank you so much!

Windows for business | Windows 365 Business
0 comments No comments

1 answer

Sort by: Most helpful
  1. Domic Vo 25,515 Reputation points Independent Advisor
    2026-06-25T07:10:16.5+00:00

    Hi Emma Brooks,

    To achieve silent BitLocker encryption during the Windows Autopilot provisioning phase for remote employees, you must configure a Microsoft Intune Endpoint Security disk encryption policy with three specific settings. First, enable Allow standard users to enable encryption during Autopilot to allow the process to run without requiring local administrative rights or triggering User Account Control prompts. Second, set Warning for other disk encryption to Block to suppress the native Windows dialog box and prevent the system from interrupting the setup wizard. These configurations interact directly with the underlying BitLocker Configuration Service Provider and the local registry to automate the encryption process and escrow recovery keys silently to Microsoft Entra ID.

    The critical architectural requirement for this deployment is ensuring that the policy is targeted to a Device group rather than a User group. Assigning the policy to the hardware devices forces Microsoft Intune to process and enforce the encryption settings during the initial Device Setup phase of the Autopilot Enrollment Status Page. This ensures that the system drive is fully encrypted, secure, and compliant before the remote employee ever logs in or accesses the Windows desktop.

    Domic

    Was this answer helpful?

    0 comments No comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.