There is no official way to do this; if you follow the Microsoft documentation, it requires a user to set the PIN themselves, and they need local admin to do it. The best way is to use Oliver's link posted above or https://www.nicklasahlberg.se/2021/11/16/bitlocker-startup-pin-the-modern-way/ , so you can prompt a GUI for the user to set it themselves.
Deploy BitLocker with MEM and Prompt User to Enter a Startup PIN
I am looking for information on the recommended method of deploying BitLocker TPM and PIN (the PIN is the focus here) to workstations using MEM, and prompting a user to enter a PIN.
I have read through the entire internet twice now, and can't seem to find any information about how to do this (besides using some script some guy wrote a few years ago).
Does Microsoft have an official response on how to deploy BitLocker in TPM and PIN mode using MEM/Intune?
The startup PIN is for protection, it should not be guessable. If you allow users to set it, it will be set to their date of birth, which is guessable.
So instead, use my script to set a randomized PIN.
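For readers who want to see what the "randomized PIN" approach from the comment above looks like in practice, here is an added example written for this page; it is not the commenter's script, nor code from Microsoft or from the blog post linked earlier. It assumes it runs elevated (for example as an Intune PowerShell script in the SYSTEM context) on an Azure AD joined device whose BitLocker policy already allows a TPM+PIN protector, and it leaves delivery of the generated PIN to the user as a labelled placeholder, since the thread does not describe how that is done. The PIN is drawn from a CSPRNG with rejection sampling so every digit is equally likely, and a recovery password is created and escrowed before the startup protector is changed so a forgotten PIN cannot turn into a lockout.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Assumed context: elevated Intune script,
# Azure AD joined device, TPM present, policy already permits TPM+PIN.

function New-RandomPin {
    # Generate a numeric PIN from a CSPRNG; 8 digits exceeds the default 6-digit minimum.
    param([int]$Length = 8)
    $rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf    = New-Object byte[] 1
    $digits = New-Object System.Text.StringBuilder
    while ($digits.Length -lt $Length) {
        $rng.GetBytes($buf)
        # Rejection sampling: accept 0..249 only, so (byte % 10) is unbiased.
        if ($buf[0] -lt 250) { [void]$digits.Append($buf[0] % 10) }
    }
    $rng.Dispose()
    return $digits.ToString()
}

function Test-TpmPinPolicy {
    # Registry values written by the "Require additional authentication at startup" policy.
    # UseTPMPIN: 0 = Do not allow, 1 = Require, 2 = Allow.
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    if (-not $p) { return $false }
    return ($p.UseAdvancedStartup -eq 1 -and $p.UseTPMPIN -in 1, 2)
}

function Set-RandomStartupPin {
    param([string]$MountPoint = $env:SystemDrive)

    if (-not (Test-TpmPinPolicy)) {
        throw "Policy does not allow a TPM+PIN protector on this device; fix the Intune/GPO setting first."
    }

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.KeyProtector.KeyProtectorType -contains 'TpmPin') {
        Write-Output "TPM+PIN protector already present on $MountPoint; nothing to do."
        return $null
    }

    # Make sure a recovery password exists and is escrowed to Azure AD before touching
    # the startup protector, so a forgotten PIN is recoverable.
    if ($vol.KeyProtector.KeyProtectorType -notcontains 'RecoveryPassword') {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
    }
    $rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
    BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId | Out-Null

    # Only one TPM-based protector can exist per volume, so adding TPM+PIN replaces the TPM-only one.
    $pin       = New-RandomPin -Length 8
    $securePin = ConvertTo-SecureString -String $pin -AsPlainText -Force
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $securePin | Out-Null

    # Verify the protector actually landed before reporting success.
    $after = Get-BitLockerVolume -MountPoint $MountPoint
    if ($after.KeyProtector.KeyProtectorType -notcontains 'TpmPin') {
        throw "Adding the TPM+PIN protector to $MountPoint did not succeed."
    }

    # PLACEHOLDER: hand $pin to the user out of band (helpdesk workflow, secure portal, etc.).
    # Do not write it to the Intune script output or any plain-text log.
    return $pin
}

# Usage (elevated): $pinForUser = Set-RandomStartupPin
```

Run it once per device as an elevated Intune script; the function is idempotent, so re-running it on a device that already has a TPM+PIN protector changes nothing. The policy check is deliberately a hard stop: on a device where the "Allow startup PIN" setting has not been applied yet, `Add-BitLockerKeyProtector -TpmAndPinProtector` fails, and it is clearer to fail early with a message that points at the policy than to surface the cmdlet's error.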