New-CMBMSFDVEncryptionPolicy
Create a policy to manage whether to use BitLocker encryption on fixed data drives.
Syntax
New-CMBMSFDVEncryptionPolicy
[-PolicyState <State>]
[-AutoUnlock <Dispensation>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>] Description
Create a policy to manage whether to use BitLocker encryption on fixed data drives.
When you enable this policy, also create a password policy for fixed data drives. The only exception is if you allow or require the use of auto-unlock for fixed data drives. For more information, see New-CMFDVPassPhrasePolicy.
If you require the use of auto-unlock for fixed data drives, encrypt the OS volume too.
Examples
Example 1: New enabled policy that prohibits auto-unlock
This example creates a new policy that's enabled and doesn't allow auto-unlock.
New-CMBMSFDVEncryptionPolicy -PolicyState Enabled -AutoUnlock ProhibitParameters
-AutoUnlock
Allow, require, or prohibit BitLocker to automatically unlock any encrypted data drive. To use auto-unlock, also require BitLocker to encrypt the OS drive.
| Type: | Dispensation |
| Accepted values: | Allow, Require, Prohibit |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PolicyState
Use this parameter to configure the policy.
Enabled: If you enable this policy, the user has to put all fixed data drives under the BitLocker protection, and BitLocker encrypts the drives.Disabled: If you disable this policy, the user can't put fixed data drives under BitLocker protection. If you disable this policy after BitLocker encrypts fixed data drives, BitLocker decrypts the fixed data drives.NotConfigured: If you don't configure this policy, BitLocker doesn't require users to put fixed data drives under protection.
| Type: | State |
| Accepted values: | Enabled, Disabled, NotConfigured |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
Outputs
Microsoft.ConfigurationManagement.AdminConsole.BitlockerManagement.PolicyObject
Related Links
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for