Bitlocker Encryption Prompts after Intune Device Enrolment


Disk Encryption is a requirement for all University of Leeds mobile devices.

Current versions of Windows enable disk encryption by default, but may not be enabled on some devices due to hardware configuration, or if upgraded from previous versions of Windows.  If the disk is not encrypted, Intune Endpoint Management will request that you enable it upon enrolment.

If you receive the following notification after enrolling a device into Intune, please follow the steps below.

IMPORTANT STEPS BEFORE PROCEEDING:

Enabling Bitlocker 

Double Click the Notification and follow the prompts.

Check the box for "I don't have any other disk encryption software installed", encrypt all my disks.

Click Yes.

The following dialogue box will offer the following options. If you have other disk encryption software installed such as Sophos Safeguard, click No and contact IT for further support.  

 

Are you ready to start encryption? Disk encryption software other than BitLocker or Windows device encryption wi I prevent Windows from starting after you encrypt your device. If this happens, you'll need to re-install Windows, and all data on your device will be lost. I don't have any other disk encryption software installed, encrypt all my disks Do not ask me again. Learn more Yes No

 

If you are sure there is no other encryption software installed, check the "I don't have any other disk encryption software installed, encrypt all my disks" box and click "Yes" to continue.

 

Are you ready to start encryption? Disk encryption software other than BitLocker or Windows device encryption wi I prevent Windows from starting after you encrypt your device. If this happens, you'll need to re-install Windows, and all data on your device will be lost. I don't have any other disk encryption software installed, encrypt all my disks Do not ask me again. Learn more -1 Yes No

 

 

You will then be prompted to restart the computer. If you have any external media attached, such as USB drives or CD/DVDs in the drive, Windows will warn you to remove these. Please do this before proceeding.

You will then need to restart the computer and reselect the above options to encrypt the drive.

 

8itLocker Drive Encryption Starting BitLocker BitLocker Drive Encryption detected bootable media (CD or DVD) in the computer. Remove the media and restart the computer before configuring BitLocker. What are BitLocker's system requirements? Cancel

 

If you have not removed all external media, you will receive the following notification in the Action Centre and will need to repeat the above steps again.

 

 

BitLocker Drive Encryption Cannot encrypt the drive BitLocker Drive Encryption detected bootable media (CD or DVD) in the computer. Remove the media and restart the computer before configuring 8itLocker. Bootable media changes the system boot information used by 8itLocker for system security. Restart nmv Restart later

 

 

If you are presented with the following error, please notify IT by replying to the email you received directing you to these instructions for further assistance, as additional configuration may be required.

 

8itLocker Drive Encryption Starting BitLocker This device cannot use a Trusted Platform Module. Your administrator must set the "Allow 8itLocker without a compatible TPM" option in the "Require additional authentication at start-up" policy for OS volumes. What are 8itLocker's system requirements? Cancel

 

 

If you do not receive any of the above messages you will be asked to save your Bitlocker recovery key.

Select "Save to your Azure AD account" and click Next.

 

BitLocker Drive Encryption How do you want to back up your recovery key? O Some settings are managed by your system administrator. A recovery key can be used to access your files and folders if you're having problems unlocking your PC. It's a good idea to have more than one and keep each in a safe place other than pur PC. -9 Save to your Azure AD account Save to a file print the recovery key How can find my recovery key later?

 

Select "Encrypt the entire drive" (You can still work whilst the disk is encrypting). Click Next.

 

BitLocker Drive Encryption Choose how much of your drive to encrypt If you're setting up 8itLocker on a new drive or a new PC, you only need to encrypt the pat of the drive that's currently being used. 8itLocker encrypts new data automatically as you add it. If you're enabling 8itLocker on a PC or drive that's already in use, consider encrypting the entire drive. Encrypting the entire drive ensures that all data is protected — even data that you've deleted but that might still contain retrievable information. C) Encrypt used disk space only (faster and best for new PCs and drives) @ Encrypt entire drive (slower but best for PCs and drives already in use) Next Cancel

 

Leave 'New Encryption Mode' selected and click Next.

BitLocker Drive Encryption Select which encryption mode to use Windows 10 (Version 1511) introduces a new disk encryption mode (XTS AES). This mode provides additional integrity suppot, but it is not compatible with older versions of Windows. If this is a removable drive that you're going to use on older version of Windows, you should choose Compatible mode. If this is a fixed drive or if this drive will only be used on devices running at least Windows 10 (Version 1511) or later, you should choose the new encryption mode @ New encryption mode (best for fixed drives on this device) C) Compatible mode (best for drives that can be moved from this device) Next Cancel

Click 'Start Encrypting'.

BitLocker Drive Encryption Are you ready to encrypt this drive? Encryption might take a while depending on the size of the drive. You can keep working while the drive is being encrypted, although your PC might run more slowly. Start encrypting Cancel

The encryption process will now start. The length of time this will take depends on the size of disk and the amount data stored. 

You can continue to use your device as normal during the encryption process.

 

BitLocker Drive Encryption Encryptingm Drive C: 2. I % Completed

When encryption has completed when you receive the following notification.

BitLocker Drive Encryption Encryption of C: is complete. Manage BitLocker Close