Device BitLocker Policy Modification Procedure

This admin procedure will provide background information on modifying an existing disk encryption enforcement policy.

This article is intended for employees of organizations that use Sittadel's security. Additionally, there are some actions that can only be accomplished by those with administrative privileges.

BitLocker Encryption

Data on a lost or stolen device is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard drive to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected devices are decommissioned or recycled.


Procedure Scope: Administrators

Required Group Membership: Admin.DeviceSecurity


Modifying a Device BitLocker Policy

  1. Navigate to Disk Encryption – Intune, locate the Policy you wish to alter.
  2. Upon opening the policy, select Properties; all the information of the policy will be displayed. 4 points of interest will be available to Edit. You can modify the sections as needed.
    1. Basics: Adjusts non-functional aspects of the rule, such as Name.
    2. Assignments: Specifies which groups will be included or excluded from Drive Encryption enforcement.
    3. Scope tags: Specifies which administrators can view and alter this object.
    4. Configuration Settings: Allows you to set the specific Drive encryption enforcement controls for Fixed, OS, and Removable Drives.
  3. Regardless of the section alterations are being made in the same procedure applies once the necessary changes have been made select Review + Save to proceed to revisions.
  4. Once all items have been reviewed, select Save to finalize modifications made to the policy.

You're Finished!

You should have successfully modified an existing disk encryption requirement that will be enforced for the selected OS platform. For any other problems or questions, reach out to us!