Enabling Bitlocker encryption on domain computers

ARUN xv 1 Reputation point

Is there a way to automate full disk encryption with GPO on Active Directory users with TPM enabled?

Windows 10 Security

2 answers

  1. Limitless Technology 38,761 Reputation points


    Thank you for your question and reaching out.

    Yes, if your client computers have TPM enabled, you can achieve this using GPO.

    These settings are available in Local Group Policy Editor, under the section Administrative Templates > Windows Components > BitLocker Drive Encryption.

    GPO contains a lot of settings, so we will highlight only those that are likely to be of major interest to MSPs:

    Enable and allow network unlock at startup.
    Ability to choose additional startup authentication.
    Configure password settings and requirements. You can also configure passwords using a policy for removable drives.
    Control access and usage of removable drives not protected by BitLocker.
    Change hardware-based encryption settings for local drives.


  2. ARUN xv 1 Reputation point

    Thank you for reaching out.

    I have tried this method, but I have to manually enable BitLocker on every PC to start the encryption process. The GPO that I applied does not automatically start the encryption.

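The gap described in the second answer (the BitLocker GPO settings configure policy but do not start encryption) is commonly closed with a script that calls the BitLocker cmdlets on each machine. The following is an added example, not code from either poster or from Microsoft. It assumes the script is assigned as a computer startup script through GPO (so it runs as SYSTEM), that the BitLocker policy for storing recovery information in AD DS is already applied, and that the log path is acceptable in your environment.

```powershell
# Added example: startup script that starts BitLocker on the OS drive when a
# ready TPM is present. The log location below is an assumed placeholder.
$ErrorActionPreference = 'Stop'
$mount = $env:SystemDrive
$log   = Join-Path $env:ProgramData 'BitLockerEnable.log'   # assumed path

function Write-Log([string]$Message) {
    "$(Get-Date -Format s) $Message" | Add-Content -Path $log
}

try {
    # Only proceed on machines whose TPM is present and provisioned.
    $tpm = Get-Tpm
    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        Write-Log 'TPM not present or not ready; skipping.'
        exit 0
    }

    # Idempotent: do nothing if the volume is already encrypted or in progress.
    $vol = Get-BitLockerVolume -MountPoint $mount
    if ($vol.VolumeStatus -ne 'FullyDecrypted') {
        Write-Log "Volume status is $($vol.VolumeStatus); nothing to do."
        exit 0
    }

    # Create and escrow a recovery password BEFORE encrypting, so a drive is
    # never encrypted without a recoverable key in AD DS.
    if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
        Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector `
            -WarningAction SilentlyContinue | Out-Null
    }
    $recovery = (Get-BitLockerVolume -MountPoint $mount).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
    Backup-BitLockerKeyProtector -MountPoint $mount `
        -KeyProtectorId $recovery.KeyProtectorId | Out-Null
    Write-Log "Recovery protector $($recovery.KeyProtectorId) backed up to AD DS."

    # Add the TPM protector and start encryption. -UsedSpaceOnly is an
    # assumption suited to new machines; drop it to encrypt the full disk.
    Enable-BitLocker -MountPoint $mount -TpmProtector -EncryptionMethod XtsAes256 `
        -UsedSpaceOnly -SkipHardwareTest -WarningAction SilentlyContinue | Out-Null
    Write-Log 'Encryption started.'
}
catch {
    # If the AD DS backup fails, Enable-BitLocker is never reached.
    Write-Log "Failed: $($_.Exception.Message)"
    exit 1
}
```

Because the escrow step runs before `Enable-BitLocker` and any error aborts the script, a machine that cannot reach a domain controller stays unencrypted and retries at the next startup.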