Enable use of BitLocker authentication requiring preboot keyboard input on slates
Would be good to integrate in Endpoint Protection BitLocker setcion an option for "OSEnablePrebootInputProtectorsOnSlates" (Enable use of BitLocker authentication requiring preboot keyboard input on slates),
Else if you use Tablet, then when the Windows Recovery Environment is not enabled and this policy is not enabled, you cannot turn on BitLocker on a device that uses the Windows touch keyboard.
But to enable this "OSEnablePrebootInputProtectorsOnSlates" need push PowerShell script to devices, as BitLocker-CSP missing this too....
Or option via BitLocker-CSP to control this setting.
Per Oddvar Skåre commented
I am totally blown away by the missing option to set boot pin on a Microsoft Surfacedevice, even models with a fixed keyboard!
This should have been fixed in Intune/BIOS on Surface, a long time ago!
James Morrison commented
I'm also bafffed by this!
Microsoft are pushing people to use Intune, but don't even have the funtionality to use it on their own devices at an enterprise level...
It's like buying a guitar and amp by the same manufacturer but they won't work together. You have to buy a different guitar for it to work.
Tor Valstrøm commented
I was shocked to see this option missing from Intune. Especially since Microsoft Surface devices don't work with Bitlocker pin boot without it enabled.