{"id":6413,"date":"2022-11-30T22:21:58","date_gmt":"2022-11-30T22:21:58","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=6413"},"modified":"2023-11-22T00:56:03","modified_gmt":"2023-11-22T00:56:03","slug":"bitlocker-intune","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/bitlocker-intune","title":{"rendered":"Bitlocker Intune"},"content":{"rendered":"\n<p>Check CIS -> <a href=\"https:\/\/www.tenable.com\/audits\/CIS_MS_Windows_10_Enterprise_Bitlocker_v1.4.0\">CIS Microsoft Windows 10 Enterprise (Release 1709) v1.4.0 Bitl&#8230; | Tenable\u00ae<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Administrative Templates<\/h4>\n\n\n\n<p>Windows Components &gt; BitLocker Drive Encryption<\/p>\n\n\n\n<p>Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) <strong>Disabled<\/strong><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Windows Components &gt; BitLocker Drive Encryption &gt; Operating System Drives<\/p>\n\n\n\n<p>Enforce drive encryption type on operating system drives <strong>Enabled<\/strong><\/p>\n\n\n\n<p><strong>Select the encryption type: (Device)<\/strong> <strong>Used Space Only encryption<\/strong><\/p>\n\n\n\n<p>Require additional authentication at startup <strong>Disabled<\/strong><\/p>\n\n\n\n<p>Configure minimum PIN length for startup <strong>Disabled<\/strong><\/p>\n\n\n\n<p>Allow enhanced PINs for startup <strong>Disabled<\/strong><\/p>\n\n\n\n<p>Choose how BitLocker-protected operating system drives can be recovered <strong>Enabled<\/strong><\/p>\n\n\n\n<p>Omit recovery options from the BitLocker setup wizard <strong>True<\/strong><\/p>\n\n\n\n<p>Allow data recovery agent <strong>True<\/strong><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Allow 256-bit recovery key<\/p>\n\n\n\n<p>Configure storage of BitLocker recovery information to AD DS: <strong>Store recovery passwords and key packages<\/strong><\/p>\n\n\n\n<p>Do not enable BitLocker until recovery information is stored to AD DS for operating system drives <strong>False<\/strong><\/p>\n\n\n\n<p>Save BitLocker recovery 
information to AD DS for operating system drives <strong>True<\/strong><\/p>\n\n\n\n<p>Configure user storage of BitLocker recovery information: <strong>Allow 48-digit recovery password<\/strong><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Windows Components &gt; BitLocker Drive Encryption &gt; Fixed Data Drives<\/p>\n\n\n\n<p>Enforce drive encryption type on fixed data drives <strong>Enabled<\/strong><\/p>\n\n\n\n<p><strong>Select the encryption type: (Device) Used Space Only encryption<\/strong><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Choose how BitLocker-protected fixed drives can be recovered <strong>Enabled<\/strong><\/p>\n\n\n\n<p>Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives <strong>False<\/strong><\/p>\n\n\n\n<p>Configure storage of BitLocker recovery information to AD DS: Backup recovery passwords and key packages<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Allow 256-bit recovery key<\/p>\n\n\n\n<p>Allow data recovery agent <strong>True<\/strong><\/p>\n\n\n\n<p>Configure user storage of BitLocker recovery information: <strong>Allow 48-digit recovery password<\/strong><\/p>\n\n\n\n<p>Save BitLocker recovery information to AD DS for fixed data drives <strong>True<\/strong><\/p>\n\n\n\n<p>Omit recovery options from the BitLocker setup wizard <strong>False<\/strong><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Windows Components &gt; BitLocker Drive Encryption &gt; Removable Data Drives<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">BitLocker<\/h4>\n\n\n\n<p>Require Device Encryption <strong>Enabled<\/strong><\/p>\n\n\n\n<p>Allow Warning For Other Disk Encryption <strong>Disabled<\/strong><\/p>\n\n\n\n<p>Allow Standard User Encryption <strong>Enabled<\/strong><\/p>\n\n\n\n<p>Configure Recovery Password Rotation: <strong>Refresh on for both Azure AD-joined and hybrid-joined devices<\/strong><\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/11\/image-1.png\"><img loading=\"lazy\" decoding=\"async\" width=\"777\" 
height=\"442\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/11\/image-1.png\" alt=\"\" class=\"wp-image-6414 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/11\/image-1.png 777w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/11\/image-1-300x171.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/11\/image-1-768x437.png 768w\" sizes=\"auto, (max-width: 777px) 100vw, 777px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/11\/image-2.png\"><img loading=\"lazy\" decoding=\"async\" width=\"702\" height=\"787\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/11\/image-2.png\" alt=\"\" class=\"wp-image-6415 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/11\/image-2.png 702w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/11\/image-2-268x300.png 268w\" sizes=\"auto, (max-width: 702px) 100vw, 702px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/11\/image-3.png\"><img loading=\"lazy\" decoding=\"async\" width=\"543\" height=\"803\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/11\/image-3.png\" alt=\"\" class=\"wp-image-6416 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/11\/image-3.png 543w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/11\/image-3-203x300.png 203w\" sizes=\"auto, (max-width: 543px) 100vw, 543px\" \/><\/a><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Check CIS -> CIS Microsoft Windows 10 Enterprise (Release 1709) v1.4.0 Bitl&#8230; | Tenable\u00ae Administrative Templates Windows Components &gt; BitLocker Drive EncryptionChoose drive encryption method and cipher 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6413","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/6413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=6413"}],"version-history":[{"count":5,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/6413\/revisions"}],"predecessor-version":[{"id":7478,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/6413\/revisions\/7478"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=6413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=6413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=6413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}