BitLocker Policy Modification

This admin procedure will provide background information on modifying an existing disk encryption enforcement policy.

BitLocker Encryption

Data on a lost or stolen device is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard drive to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected devices are decommissioned or recycled.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: TBD

Domain: TBD

Modifies: TBD

Modifying a Device BitLocker Policy

1. Navigate to Disk Encryption – Intune, locate the Policy you wish to alter.
   
2. Upon opening the policy, select Properties; all the information of the policy will be displayed. 4 points of interest will be available to Edit. You can modify the sections as needed.
   
   1. Basics: Adjusts non-functional aspects of the rule, such as Name.
      
   2. Assignments: Specifies which groups will be included or excluded from Drive Encryption enforcement.
      
   3. Scope tags: Specifies which administrators can view and alter this object.
      
   4. Configuration Settings: Allows you to set the specific Drive encryption enforcement controls for Fixed, OS, and Removable Drives.
      
3. Regardless of the section alterations are being made in the same procedure applies once the necessary changes have been made select Review + Save to proceed to revisions.
   
4. Once all items have been reviewed, select Save to finalize modifications made to the policy.