| Field | Value |
|---|---|
| title | Microsoft Intune endpoint security disk encryption policy |
| description | Configure and deploy Microsoft Intune endpoint security policy disk encryption policies for BitLocker and FileVault. |
| keywords | |
| author | brenduns |
| ms.author | brenduns |
| manager | dougeby |
| ms.date | 06/17/2024 |
| ms.topic | conceptual |
| ms.service | microsoft-intune |
| ms.subservice | protect |
| ms.localizationpriority | medium |
| ms.suite | ems |
| search.appverid | MET150 |
| ms.custom | intune-azure |
| ms.collection | |
| ms.reviewer | aanavath |

Endpoint security Disk encryption profiles focus on only the settings that are relevant for a device's built-in encryption method, like FileVault or BitLocker. This focus makes it easy for security admins to manage disk encryption settings without having to navigate a host of unrelated settings.
While you can configure the same device settings by using Endpoint Protection profiles for device configuration, the device configuration profiles include other categories of settings. These other settings are unrelated to disk encryption and can complicate the task of configuring only disk encryption.
Find the endpoint security policies for disk encryption under Manage in the Endpoint security node of the Microsoft Intune admin center.
- macOS - macOS 10.13 or later
- Windows - Windows 10
- Windows - Windows 11
For guidance on assigning the right level of permissions and rights to manage Intune Disk encryption policy, see Assign role-based access controls for endpoint security policy.
macOS profiles:
- FileVault - FileVault provides built-in Full Disk Encryption for macOS devices.
Manage FileVault settings for macOS.
To create a FileVault profile, see Use FileVault disk encryption for macOS.
Windows profiles:
- BitLocker - BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
[!NOTE]
Beginning on June 19, 2023, the BitLocker profile for Windows 10 and later was updated to use the settings format as found in the Settings Catalog. The new profile format includes the same settings as the older profile. With this change you can no longer create new versions of the old profiles. Your existing instances of the old profile remain available to use and edit.
With the new profile format, we no longer publish a dedicated list of settings as found in the profile. Instead, use the Learn more link in the UI while viewing information for a setting, to open BitLocker CSP in the Windows documentation, where the setting is detailed in full.
You can continue to find a list of settings from the original BitLocker profile at BitLocker settings in the Intune documentation.
To create a BitLocker profile, see Use BitLocker disk encryption for Windows.
After you deploy policy to encrypt a device disk, see the following articles for information on managing encryption: