Disk encryption policy for endpoint security in Intune
Endpoint security Disk encryption profiles focus on only the settings that are relevant for a devices built-in encryption method, like FileVault or BitLocker. This focus makes it easy for security admins to manage disk encryption settings without having to navigate a host of unrelated settings.
While you can configure the same device settings by using Endpoint Protection profiles for device configuration, the device configuration profiles include additional categories of settings. These additional settings are unrelated to disk encryption and can complicate the task of configuring only disk encryption.
Find the endpoint security policies for disk encryption under Manage in the Endpoint security node of the Microsoft Endpoint Manager admin center.
Prerequisites for disk encryption policy
- macOS - macOS 10.13 or later
- Windows - Windows 10/11
Disk encryption profiles
FileVault - FileVault provides built-in Full Disk Encryption for macOS devices.
Manage FileVault settings for macOS.
To create a FileVault profile, see Use FileVault disk encryption for macOS.
BitLocker - BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers
Manage BitLocker settings for Windows 10.
To create a BitLocker profile, see Use BitLocker disk encryption for Windows.
Manage device encryption
After you deploy policy to encrypt a device disk, see the following articles for information on managing encryption: