Allow Windows 10 Pro Devices to have BitLocker PIN Enforced
We can force encryption on Windows 10 1809 Pro devices and store recovery keys to Azure AD but cannot enforce a PIN on startup.
Just came across this issue when trying to BitLocker encrypt and PIN-enable as part of an Autopilot deployment, and found it to be missing and not available. Very frustrating, and it is a step backwards in securing an endpoint from boot-up if the device is lost or stolen.
Why can't we do this!!!!!!!!!!
Mark Shear commented
I thought I was going nuts when this wasn't being applied... please fix this, Microsoft!
Robin Doublet commented
I'm using Oliver Kieselbach's solution as a workaround, but please, manage this PIN code in ESP; this is a step backward in security from MBAM.
Alan Dooley commented
I'm surprised this isn't available and a "helper" solution is needed. A nice feature of MBAM is the ability to let users set the PIN at first logon. Looking at managing BitLocker with Intune vs MBAM (or CM with MBAM integrated) means MBAM is preferable from a user experience perspective, which is a shame as it still needs infrastructure.
Oliver Kieselbach commented
I've written a blog post on how to do this with Intune with a little helper. See here:
How to enable Pre-Boot BitLocker startup PIN on Windows with Intune https://oliverkieselbach.com/2019/08/02/how-to-enable-pre-boot-bitlocker-startup-pin-on-windows-with-intune/
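The thread's underlying gap is that Intune can force encryption and escrow recovery keys to Azure AD, but cannot on its own require a TPM+PIN protector on the OS volume. The script below is an added example of the kind of detection/remediation helper the comments refer to; it is not the helper from the linked blog post and not anything Microsoft ships. It uses only the built-in BitLocker cmdlets (`Get-BitLockerVolume`, `Add-BitLockerKeyProtector`, `Remove-BitLockerKeyProtector`, `BackupToAAD-BitLockerKeyProtector`). It assumes it runs elevated on an Azure AD joined Windows 10 device whose policy already permits TPM+PIN (the `UseTPMPIN` value under the FVE policy key set to 1 or 2 by Intune's "Require additional authentication at startup" setting); the `-Remediate` switch and the function names are the example's own.

```powershell
<#
  Added example: report whether the OS volume has a TPM+PIN startup protector and,
  with -Remediate, add one for the signed-in user and escrow the recovery password to Azure AD.
  Not the helper from the blog post in this thread; function names and the -Remediate switch are hypothetical.
  Assumes: elevated session, Azure AD joined device, policy allows TPM+PIN (UseTPMPIN = 1 or 2).
#>
[CmdletBinding()]
param(
    [string]$MountPoint = $env:SystemDrive,   # normally "C:"
    [switch]$Remediate                        # without it the script only reports
)

function Get-StartupPinState {
    param([string]$MountPoint)
    $vol    = Get-BitLockerVolume -MountPoint $MountPoint
    $types  = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
    # Policy written by Intune/GPO; 0 = TPM+PIN blocked, 1 = required, 2 = allowed, $null = not configured
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        MountPoint       = $MountPoint
        VolumeStatus     = $vol.VolumeStatus       # FullyEncrypted, EncryptionInProgress, FullyDecrypted, ...
        ProtectionStatus = $vol.ProtectionStatus   # On / Off
        HasTpmPin        = ($types -contains 'TpmPin')
        HasTpmOnly       = ($types -contains 'Tpm')
        HasRecoveryPwd   = ($types -contains 'RecoveryPassword')
        PolicyUseTpmPin  = if ($policy) { $policy.UseTPMPIN } else { $null }
    }
}

function Set-StartupPin {
    param([string]$MountPoint)
    $state = Get-StartupPinState -MountPoint $MountPoint
    if ($state.HasTpmPin) { Write-Verbose 'TPM+PIN protector already present'; return $state }
    if ($state.PolicyUseTpmPin -eq 0) { throw 'Policy blocks TPM+PIN (UseTPMPIN=0); fix the Intune/GPO setting first.' }
    if ($state.VolumeStatus -eq 'FullyDecrypted') { throw "$MountPoint is not encrypted; let the encryption policy apply first." }

    # The PIN is collected as a SecureString from the interactive user and never written to disk or logs.
    $pin = Read-Host -Prompt 'Enter the new BitLocker startup PIN' -AsSecureString
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null

    # A surviving TPM-only protector would let the volume unlock without the PIN, so remove it.
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'Tpm' |
        ForEach-Object { Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null }

    # Make sure a recovery password exists and is escrowed to Azure AD before the PIN is relied on.
    $rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
          Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
    if (-not $rp) {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
        $rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
              Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
    }
    BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId | Out-Null

    return Get-StartupPinState -MountPoint $MountPoint
}

$state = if ($Remediate) { Set-StartupPin -MountPoint $MountPoint } else { Get-StartupPinState -MountPoint $MountPoint }
$state | Format-List

# Exit code 1 marks the device non-compliant when used as an Intune detection script.
if (-not $state.HasTpmPin) { exit 1 }
exit 0
```

Run it without switches as an Intune detection script (or from a compliance custom setting) to inventory which devices still lack a PIN; run it with `-Remediate` in the user's context once they are signed in, since the PIN prompt needs an interactive session, which is why a helper like this has to run after the Enrollment Status Page rather than inside it. The order matters: the TPM+PIN protector is added before the TPM-only one is removed, and the recovery password is escrowed before the script reports success, so a mistyped or forgotten PIN never leaves the device unrecoverable.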