

This article lists and describes the different compliance settings you can configure on Windows devices in Intune. As an Intune administrator, use these compliance settings to help protect your organizational resources. As part of your mobile device management (MDM) solution, use these settings to require BitLocker, set a minimum and maximum operating system, set a risk level using Microsoft Defender for Endpoint, and more. To learn more about compliance policies, and what they do, see get started with device compliance.

Before you begin

Create a compliance policy. For Platform, select Windows 10 and later.

Device Health

Windows Health Attestation Service evaluation rules

Windows BitLocker Drive Encryption encrypts all data stored on the Windows operating system volume. BitLocker uses the Trusted Platform Module (TPM) to help protect the Windows operating system and user data. It also helps confirm that a computer isn't tampered with, even if it's left unattended, lost, or stolen. If the computer is equipped with a compatible TPM, BitLocker uses the TPM to lock the encryption keys that protect the data. As a result, the keys can't be accessed until the TPM verifies the state of the computer.

Not configured (default) - This setting isn't evaluated for compliance or non-compliance.
Require - The device can protect data that's stored on the drive from unauthorized access when the system is off, or hibernates.

Device HealthAttestation CSP - BitLockerStatus

The Require Secure Boot to be enabled on the device setting is supported on some TPM 1.2 and 2.0 devices.
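As an added example (not part of the Intune documentation or of any Microsoft tooling), the following PowerShell reports the local signals behind the BitLocker, TPM and Secure Boot checks described above, so an administrator can see why a device might be reported non-compliant. It assumes Windows 10 or later with the BitLocker and TrustedPlatformModule modules, an elevated session, and the hypothetical function name Get-LocalComplianceSignals.

```powershell
# Added example, not from the Intune docs: gather the local BitLocker, TPM and
# Secure Boot state that the compliance settings above are concerned with.
# Assumes an elevated PowerShell session on Windows 10 or later.
function Get-LocalComplianceSignals {
    [CmdletBinding()]
    param(
        # The operating system volume is what the BitLocker setting evaluates.
        [string]$MountPoint = $env:SystemDrive
    )

    # BitLocker state of the OS volume.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # A TPM-based key protector is what lets the TPM lock the encryption keys
    # until it has verified the state of the computer. A volume protected only
    # by a password or recovery key has none.
    $tpmProtector = $vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -like 'Tpm*' } |
        Select-Object -First 1

    # TPM presence and readiness, plus the spec version (1.2 or 2.0).
    $tpm = Get-Tpm
    $tpmInfo = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as unknown.
    try { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = $null }

    [pscustomobject]@{
        OSVolume          = $vol.MountPoint
        VolumeStatus      = $vol.VolumeStatus      # e.g. FullyEncrypted
        ProtectionStatus  = $vol.ProtectionStatus  # Off means protectors are suspended
        TpmProtector      = if ($tpmProtector) { $tpmProtector.KeyProtectorType } else { 'None' }
        TpmPresent        = $tpm.TpmPresent
        TpmReady          = $tpm.TpmReady
        TpmSpecVersion    = if ($tpmInfo) { $tpmInfo.SpecVersion } else { 'Unknown' }
        SecureBootEnabled = $secureBoot            # $null when not a UEFI system
        # Local approximation only: encrypted, protection on, and TPM-bound keys.
        BitLockerLooksOK  = ($vol.ProtectionStatus -eq 'On' -and $null -ne $tpmProtector)
    }
}

Get-LocalComplianceSignals | Format-List
```

The value Intune acts on is the BitLockerStatus reported through the Device HealthAttestation CSP by the Health Attestation Service; this script only helps explain a result locally and does not change what the device reports.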
