Hi,
I think you can acheive this via GPO and also you will need to test this one a device before you rollout to all the users, best practice is to test on a device, backup the recovery keys and try to decrypt the process.
bitlocker-group-policy-settings
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.