This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 19%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAX%3C/text%3E%3C/svg%3E)
Is there a way to automate full disk encryption with GPO on active directory users with TPM enabled??
Hello
Thank you for your question and reaching out.
Yes, If your client computers has TPM enabled you can archive this using GPO.
These settings are available in Local Group Policy Editor, under the section Administrative Templates > Windows Components > BitLocker Drive Encryption.
GPO contains a lot of settings, so we will highlight only those that are likely to be of major interest to MSPs:
Enable and allow network unlock at startup.
Ability to choose additional startup authentication.
Configure password settings and requirements. You can also configure passwords using a policy for removable drives.
Control access and usage of removable drives not protected by BitLocker.
Change hardware-based encryption settings for local drives.
Reference :
---------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--
Thank you for reaching out.
I have tried this method. But I have to manually enable BitLocker on every PC to start the encryption process. the GPO that I applied does not automatically make the encryption.