Enhance task sequence step preprovision bitlocker with encryptionmode options
For MBAM clients I want to use preprovisioned bitlocker volumes.
A requirement is to use the AES256 encryption mode.The pre provision bitlocker step defaults to aes128, and cannot be changed in the step itself.
I now have a extra step before the preprovision bitlocker step with this command:
cmd /c reg.exe add HKLM\SOFTWARE\Policies\Microsoft\FVE /v EncryptionMethod /t REG_DWORD /d 4 /f
Updating status to Started.
See https://docs.microsoft.com/en-us/mem/configmgr/core/understand/find-help#send-a-suggestion for an explanation of each value.
Niall C. Brady commented
To add to this we'd like to see all encryption options available in BitLocker Management today added in this step via a drop down type of scenario (or radio buttons) so you could match the bitlocker management policy deployed to your clients and have the computers compliant once OSD completes.
Nathan Blasac commented
also the ability to select between used space only and full disk would be excellent.
Currently in OSD you cannot without an additional step set up set non defaults for encryption. Please add options for the OSD steps pre provision or enable bitlocker to have options for non default encryption like xts-aes 256.