MDT, policy or scripts to automate enabling BitLocker on domain computers

Eaven HUANG

Dear experts,

We have a new requirement from management that we need to encrypt our domain-joined computers with BitLocker.

  1. What we really need is to store the recovery key in our local AD. This has been tested fine by manually enabling BitLocker on a test computer with an admin account.
  2. We don't need users to set up a PIN or password for the devices; we can use automatic BitLocker encryption so that the encryption is hidden from the user experience and happens without their notice.
  3. When users use the computer, they can still log in with their domain account and credentials without having to enter a BitLocker password. We only need the recovery info to be stored in our AD, so that in case the hard drive were stolen it could not be decrypted by others (if BitLocker works like that?).

So is there any way that we can automate the BitLocker function in our MDT server when we install a new OS? Or can we do this with a PowerShell script and run it from Task Scheduler? We have many standard users without admin rights, so we are not going to ask users to enable BitLocker by themselves.


Tags: Windows Server, Windows 10 Security

1 answer

  1. Hania Lian, Microsoft Vendor

    You can configure BitLocker in MDT.
    You can select "Enable BitLocker" in the Task Sequence to configure BitLocker.
    Alternatively, you can try configuring BitLocker in the rules.

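The poster's second option (a script run from Task Scheduler or from a "Run PowerShell Script" step in the MDT task sequence) can be implemented with the built-in BitLocker cmdlets. The script below is an added example, not code from the question, the answer or any Microsoft product; it assumes the machine has a TPM that is present and ready, that AD DS is already prepared to receive recovery information (the poster reports the manual backup to AD worked, so the schema and permissions are in place), and that it runs in an elevated context such as SYSTEM so the standard user is never prompted. It enables BitLocker on the OS drive with a TPM-only protector (transparent sign-in, no PIN), adds a numerical recovery password, escrows that password to the computer object in AD, and exits non-zero if protection did not end up On so the scheduled task or MDT step records the failure instead of silently passing.

```powershell
# Added example (not from the original post or answer).
# Assumptions: TPM present and ready; AD DS prepared for BitLocker recovery info;
# runs elevated as SYSTEM (scheduled task or MDT "Run PowerShell Script" step).
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'
$OSDrive = $env:SystemDrive   # normally C:

# 1. A transparent (no PIN) design relies on the TPM; refuse to continue without one,
#    otherwise Enable-BitLocker would fail or fall back to a protector the user must type.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM not present or not ready on $env:COMPUTERNAME; cannot use a TPM-only protector."
}

$vol = Get-BitLockerVolume -MountPoint $OSDrive

# 2. Enable BitLocker with a TPM protector only if the drive is still unprotected.
#    -UsedSpaceOnly makes a fresh MDT build finish quickly; -SkipHardwareTest avoids
#    the extra reboot-and-verify cycle so the task sequence is not interrupted.
if ($vol.VolumeStatus -eq 'FullyDecrypted' -and $vol.ProtectionStatus -eq 'Off') {
    Enable-BitLocker -MountPoint $OSDrive -TpmProtector -EncryptionMethod XtsAes256 `
        -UsedSpaceOnly -SkipHardwareTest | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $OSDrive
}

# 3. The TPM protector alone gives nothing to escrow; AD stores the 48-digit
#    recovery password, so make sure one exists (idempotent on re-runs).
$recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
if ($recovery.Count -eq 0) {
    Add-BitLockerKeyProtector -MountPoint $OSDrive -RecoveryPasswordProtector | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $OSDrive
    $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
}

# 4. Escrow every recovery password to this computer's object in AD DS.
#    (For Azure AD-joined devices the equivalent is BackupToAAD-BitLockerKeyProtector.)
foreach ($p in $recovery) {
    Backup-BitLockerKeyProtector -MountPoint $OSDrive -KeyProtectorId $p.KeyProtectorId | Out-Null
}

# 5. Verify and report. Encryption may still be in progress, but ProtectionStatus must be On.
$vol = Get-BitLockerVolume -MountPoint $OSDrive
$msg = '{0} {1}: {2}, protection {3}, {4}% encrypted, {5} recovery password(s) escrowed' -f `
    $env:COMPUTERNAME, $OSDrive, $vol.VolumeStatus, $vol.ProtectionStatus, `
    $vol.EncryptionPercentage, $recovery.Count
Write-Output $msg
if ($vol.ProtectionStatus -ne 'On') {
    Write-Error "BitLocker protection is not On for $OSDrive"
    exit 1
}
exit 0
```

Two checks worth doing alongside the script. First, confirm the escrow from the domain side: with the BitLocker Recovery Password Viewer installed, the computer object in Active Directory Users and Computers shows a "BitLocker Recovery" tab listing the password the script backed up. Second, pair the script with the Group Policy setting "Choose how BitLocker-protected operating system drives can be recovered" and enable "Do not enable BitLocker until recovery information is stored to AD DS", so that a laptop imaged off-network cannot end up encrypted with a recovery password that exists nowhere but on the machine itself. On the threat-model question in the post: a TPM-only protector defends against the stolen drive being read in another machine, but the TPM unseals the key automatically at boot on the original hardware, so a stolen whole laptop is protected only by the Windows sign-in; requiring a PIN is the usual answer if that is a concern.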