Intune leverages BitLocker, Microsoft’s Windows encryption utility, to protect its Windows endpoints. All Windows devices enrolled in Intune must be encrypted, including desktops, laptops, and tablets. This is enforced to maintain compliance with UVM security policy and industry best practices.
BitLocker leverages the Trusted Platform Module (TPM) hardware chip to encrypt devices. If a device does not have a TPM, a PIN will be required to encrypt the device. Users with devices that fail to encrypt due to not having a TPM should contact the Tech Team for assistance.
Verify Encryption Status
The easiest method to verify BitLocker status on a Windows device is to look at the status of the C: drive in This PC.
Windows 10
Windows 11
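On either Windows version, the same check can be made from an elevated PowerShell prompt, which also shows whether the TPM is present and which key protectors are on the drive. This is an added example, not a script from the original page or from the Tech Team; the function name `Get-OsDriveEncryptionSummary` is hypothetical, and it assumes the built-in BitLocker and TrustedPlatformModule cmdlets are available on the device.

```powershell
#Requires -RunAsAdministrator
# Added example: summarize BitLocker state for the operating system drive.
# Get-OsDriveEncryptionSummary is a hypothetical helper name.
function Get-OsDriveEncryptionSummary {
    param(
        [string]$MountPoint = $env:SystemDrive   # normally C:
    )

    # Fails loudly if the drive cannot be queried (for example, not elevated).
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Key protector types on the volume, e.g. Tpm, TpmPin, RecoveryPassword.
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # Treat a failed TPM query the same as "no TPM".
    $tpm = Get-Tpm -ErrorAction SilentlyContinue

    # A drive counts as protected only when it is fully encrypted AND
    # protection is on. FullyEncrypted with protection Off means BitLocker
    # is suspended; EncryptionInProgress means it has not finished yet.
    $encrypted = ($vol.VolumeStatus -eq 'FullyEncrypted') -and
                 ($vol.ProtectionStatus -eq 'On')

    [pscustomobject]@{
        MountPoint           = $vol.MountPoint
        VolumeStatus         = $vol.VolumeStatus
        ProtectionStatus     = $vol.ProtectionStatus
        EncryptionPercentage = $vol.EncryptionPercentage
        TpmPresent           = [bool]($tpm -and $tpm.TpmPresent)
        KeyProtectors        = $types -join ', '
        HasRecoveryPassword  = $types -contains 'RecoveryPassword'
        EncryptedAndOn       = $encrypted
    }
}

Get-OsDriveEncryptionSummary | Format-List
```

If `EncryptedAndOn` is False or `TpmPresent` is False, that is the situation in which the page directs users to contact the Tech Team.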
Key Recovery
If something goes wrong with the computer, BitLocker may prompt for a recovery key in order to unlock the drive prior to the computer booting into Windows. If this happens, users need to reach out to the Tech Team to request a recovery key.