Implement device encryption and security policies using Microsoft Intune

Module
8 Units

Intermediate

Administrator

Microsoft 365

Windows

Microsoft Intune

Deploy and manage device encryption across Windows endpoints using Microsoft Intune. Configure BitLocker policies, manage recovery keys, monitor compliance, and audit encryption status with Microsoft Defender.

Learning objectives

In this module, you'll learn how to:

Explain why device encryption is a regulatory requirement and a security best practice.
Configure BitLocker policies in Intune with appropriate protection levels.
Manage BitLocker recovery keys and enable user self-service recovery.
Monitor encryption compliance across your Windows devices.
Use audit tools in Microsoft Defender to verify endpoint encryption status.

Prerequisites

A basic understanding of Microsoft Intune device management.
Familiarity with Windows security concepts, including the Trusted Platform Module (TPM) and BitLocker.
Awareness of Zero Trust security principles.

Introduction min
Understand the importance of device encryption for compliance and security min
Configure BitLocker policies using Microsoft Intune min
Manage BitLocker recovery keys and user self-service options min
Monitor BitLocker compliance and encryption status in Microsoft Intune min
Audit device encryption with Microsoft Defender min
Knowledge check min
Summary min

Start