Matt

  BitLocker is one of Microsoft's well known policies to secure drives by encrypting them, using different encryption methods. It is not a new method, it has been around since SCCM, and when Intune was introduced, it became available on the cloud side. The new policy will focus on TPM 2.0, which has become mandatory for Windows 11. There are many fantastic blogs in our community about BitLocker details, and Microsoft has well documented it, so I will go very quickly on how to configure it, because my blog is about USB encryption. How to configure BitLocker Policy:- You can do it in different ways, by configuring a new policy under ‘Devices’, or you can do it from ‘Endpoint Security. I personally prefer the  2nd way. Endpoint Security>Device encryption> create a new policy and select Windows and BitLocker Configuration settings:- These settings have many submenus (I'm doing Entra join if you have a different selection, AD, or both, like I did). BitLocker: BitL...