This blog post will show you how to configure BitLocker for Windows 10 using SCCM. The task sequence will perform two tasks:
- The SCCM task sequence will create multiple partitions on the hard drive.
- The SCCM task sequence will use a TPM chip to store the BitLocker protector.
In the next article, we will configure Active Directory for BitLocker.
First, check the status of the TPM chip on your laptop or Microsoft Surface; it must be enabled.
Now open the SCCM console and go to:
- Software Library
- Operating Systems
- Task Sequences
- And edit your task sequence
Add the following steps:
1. “Partition Disk”
2. “Pre-Provision BitLocker”
3. “Enable BitLocker”. Select “TPM Only” if you don’t want a startup key or PIN, and select where the recovery key will be stored (AD DS is recommended).
For all these steps, use the following condition: “_SMSTSBootUEFI” equals “True”
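
To confirm on a deployed device that the task sequence produced the intended result, the following check can be run from an elevated PowerShell session. It is an added example, not part of the original post; the function name `Test-BitLockerDeployment` is hypothetical, and it assumes the “Enable BitLocker” step created a recovery password protector in addition to the TPM protector.

```powershell
# Added example: post-deployment verification for the task sequence above.
# Run elevated on the deployed Windows 10 device.
function Test-BitLockerDeployment {
    [CmdletBinding()]
    param(
        # OS volume to check; defaults to the system drive (usually C:)
        [string]$MountPoint = $env:SystemDrive
    )

    $tpm      = Get-Tpm
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
    $volume   = Get-BitLockerVolume -MountPoint $MountPoint

    # Protector types present on the volume, as strings (e.g. Tpm, RecoveryPassword)
    $types = @($volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

    $checks = [ordered]@{
        'TPM present'                 = [bool]$tpm.TpmPresent
        'TPM ready'                   = [bool]$tpm.TpmReady
        # Mirrors the _SMSTSBootUEFI condition used on the task sequence steps
        'Firmware is UEFI'            = ("$firmware" -eq 'Uefi')
        'BitLocker protection is on'  = ("$($volume.ProtectionStatus)" -eq 'On')
        # "TPM Only" yields a plain Tpm protector (not TpmPin or TpmStartupKey)
        'TPM-only protector present'  = ($types -contains 'Tpm')
        # Assumption: the recovery key stored in AD DS is a recovery password
        'Recovery password protector' = ($types -contains 'RecoveryPassword')
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Check  = $name
            Passed = $checks[$name]
        }
    }

    # Informational only: encryption state and cipher chosen by the task sequence
    Write-Verbose "VolumeStatus:     $($volume.VolumeStatus)"
    Write-Verbose "EncryptionMethod: $($volume.EncryptionMethod)"
    Write-Verbose "Protectors:       $($types -join ', ')"
}

$results = Test-BitLockerDeployment -Verbose
$results | Format-Table -AutoSize

if ($results.Passed -contains $false) {
    Write-Warning 'One or more BitLocker deployment checks failed.'
}
```

A failed “Recovery password protector” check means the device has no recovery path if the TPM refuses to release the key, so investigate that before handing the machine to a user.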