View the settings you can configure in profiles for Disk Encryption policy in the Endpoint security node of Intune as part of an Endpoint security policy.

Yes - Enable Full Disk Encryption using XTS-AES 128 with FileVault on devices that run macOS 10.13 and later. FileVault is enabled when the user signs off of the device. When set to Yes, you can configure additional settings for FileVault.

Recovery key type
Personal key recovery keys are created for devices. Configure the following settings for the personal key:

Specify how frequently the personal recovery key for a device will rotate. You can select the default of Not configured, or a value of 1 to 12 months.

Escrow location description of personal recovery key
Specify a short message to the user that explains how they can retrieve their personal recovery key. The user sees this message on their sign in screen when prompted to enter their personal recovery key if a password is forgotten.

Set the number of times a user can ignore prompts to enable FileVault before FileVault is required for the user to sign in.
Not configured (default) - Encryption on the device is required before the next sign-in is allowed.
1 to 10 - Allow a user to ignore the prompt from 1 to 10 times before requiring encryption on the device.
No limit, always prompt - The user is prompted to enable FileVault, but encryption is never required.

Yes - Defer the prompt to enable FileVault until the user signs out.

Prevent the prompt to the user that requests they enable FileVault when they sign out. When set to Disable, the prompt at sign-out is disabled and instead, the user is prompted when they sign in.
Yes - Disable the prompt to enable FileVault that appears at sign-out.

Hide the personal recovery key from the user of the macOS device during encryption. After the disk is encrypted, a user can use any device to view their personal recovery key through the Intune Company Portal website, or company portal app on a supported platform.
Yes - Hide the personal recovery key during device encryption.

This article details the settings you can find in BitLocker profiles created before June 19, 2023, for the Windows 10 and later platform for endpoint security Disk encryption policy. On June 19, 2023, the Windows 10 and later profile was updated to use a new settings format as found in the Settings Catalog. With this change you can no longer create new versions of the old profile and they are no longer being developed. Although you can no longer create new instances of the older profile, you can continue to edit and use instances of it that you previously created.

For profiles that use the new settings format, Intune no longer maintains a list of each setting by name. Instead, the name of each setting, its configuration options, and its explanatory text you see in the Microsoft Intune admin center are taken directly from the setting's authoritative content. That content can provide more information about the use of the setting in its proper context. When viewing a setting's information text, you can use its Learn more link to open that content.

The following settings details for Windows profiles apply to those deprecated profiles.

BitLocker – Base Settings
Enable full disk encryption for OS and fixed data drives
If the drive was encrypted before this policy applied, no extra action is taken. If the encryption method and options match that of this policy, configuration should return success.