Enhance task sequence step preprovision bitlocker with encryptionmode options
For MBAM clients I want to use preprovisioned bitlocker volumes.
A requirement is to use the AES256 encryption mode.The pre provision bitlocker step defaults to aes128, and cannot be changed in the step itself.
I now have a extra step before the preprovision bitlocker step with this command:
cmd /c reg.exe add HKLM\SOFTWARE\Policies\Microsoft\FVE /v EncryptionMethod /t REG_DWORD /d 4 /f
Updating status to Started.
See https://docs.microsoft.com/en-us/mem/configmgr/core/understand/find-help#send-a-suggestion for an explanation of each value.
Niall C. Brady commented
To add to this we'd like to see all encryption options available in BitLocker Management today added in this step via a drop down type of scenario (or radio buttons) so you could match the bitlocker management policy deployed to your clients and have the computers compliant once OSD completes.