Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

How can we improve Configuration Manager?

← Ideas

Enhance task sequence step preprovision bitlocker with encryptionmode options

For MBAM clients I want to use preprovisioned bitlocker volumes.
A requirement is to use the AES256 encryption mode.The pre provision bitlocker step defaults to aes128, and cannot be changed in the step itself.
I now have a extra step before the preprovision bitlocker step with this command:
cmd /c reg.exe add HKLM\SOFTWARE\Policies\Microsoft\FVE /v EncryptionMethod /t REG_DWORD /d 4 /f

Thanks to this website:
https://blog.alschneiter.com/2017/05/03/change-bitlocker-drive-encryption-to-xts-aes-256-during-osd-with-configmgr/

199 votes
Vote
Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
JeroenB shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Niall C. Brady commented  ·   ·  Flag as inappropriate

    To add to this we'd like to see all encryption options available in BitLocker Management today added in this step via a drop down type of scenario (or radio buttons) so you could match the bitlocker management policy deployed to your clients and have the computers compliant once OSD completes.

Ideas: Operating System Deployment

Categories

Feedback and Knowledge Base

(thinking…)