BitLocker Intune

Check CIS -> CIS Microsoft Windows 10 Enterprise (Release 1709) v1.4.0 Bitl… | Tenable®

Administrative Templates

Windows Components > BitLocker Drive Encryption

Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) Disabled

Windows Components > BitLocker Drive Encryption > Operating System Drives

Enforce drive encryption type on operating system drives Enabled

Select the encryption type: (Device) Used Space Only encryption

Require additional authentication at startup Disabled

Configure minimum PIN length for startup Disabled

Allow enhanced PINs for startup Disabled

Choose how BitLocker-protected operating system drives can be recovered Enabled

Omit recovery options from the BitLocker setup wizard True

Allow data recovery agent True

Allow 256-bit recovery key

Configure storage of BitLocker recovery information to AD DS: Store recovery passwords and key packages

Do not enable BitLocker until recovery information is stored to AD DS for operating system drives False

Save BitLocker recovery information to AD DS for operating system drives True

Configure user storage of BitLocker recovery information: Allow 48-digit recovery password

Windows Components > BitLocker Drive Encryption > Fixed Data Drives

Enforce drive encryption type on fixed data drives Enabled

Select the encryption type: (Device) Used Space Only encryption

Choose how BitLocker-protected fixed drives can be recovered Enabled

Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives False

Configure storage of BitLocker recovery information to AD DS: Backup recovery passwords and key packages

Allow 256-bit recovery key

Allow data recovery agent True

Configure user storage of BitLocker recovery information: Allow 48-digit recovery password

Save BitLocker recovery information to AD DS for fixed data drives True

Omit recovery options from the BitLocker setup wizard False

Windows Components > BitLocker Drive Encryption > Removable Data Drives

BitLocker

Require Device Encryption Enabled

Allow Warning For Other Disk Encryption Disabled

Allow Standard User Encryption Enabled

Configure Recovery Password Rotation: Refresh on for both Azure AD-joined and hybrid-joined devices
