In the previous article, we configured the SCCM TS to enable BitLocker on the machine. Now, following these steps, you will configure a BitLocker GPO so that BitLocker and TPM recovery information is stored in Active Directory.
Open the ADDS MMC and go to:
- Computer Configuration
- Policies
- Administrative Templates
- Windows Components
- BitLocker Drive Encryption
- Operating System Drives
Enable the "Choose how BitLocker-protected operating system drives can be recovered" policy:
Enable the "Configure TPM platform validation profile for native UEFI firmware configurations" policy:
And the last step: enable the "Turn on TPM backup to Active Directory Domain Services" policy, which is located under:
- Computer Configuration
- Policies
- Administrative Templates
- System
- Trusted Platform Module Services
Don't forget to add the BitLocker Drive Encryption Administration Utilities (a Remote Server Administration Tools feature) so that you can see the recovery information that is being stored in ADDS.
Now you can use the SCCM TS to deploy your machine and check that BitLocker is enabled.
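As an added verification step that is not part of the original article: the PowerShell below, run on a deployed client, checks the registry values written by the policies above, confirms the OS drive has a recovery password protector, and confirms a matching msFVE-RecoveryInformation object exists under the computer account in AD. It assumes the ActiveDirectory (RSAT) and BitLocker PowerShell modules are present on the client and that the "Do not enable BitLocker until recovery information is stored" checkbox was ticked in the recovery policy.

```powershell
# Added example, not from the original article. Verifies that the BitLocker/TPM
# GPO settings applied to this client and that recovery info was escrowed to AD DS.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$tpm = 'HKLM:\SOFTWARE\Policies\Microsoft\TPM'

# Registry values the policies write. OSRequireActiveDirectoryBackup = 1 only if the
# "Do not enable BitLocker until recovery information is stored" box is ticked (assumed here).
$checks = @(
    @{ Path = $fve; Name = 'OSRecovery';                     What = 'OS drive recovery policy enabled' }
    @{ Path = $fve; Name = 'OSActiveDirectoryBackup';        What = 'Save recovery information to AD DS' }
    @{ Path = $fve; Name = 'OSRequireActiveDirectoryBackup'; What = 'Require AD DS backup before enabling' }
    @{ Path = $tpm; Name = 'ActiveDirectoryBackup';          What = 'Turn on TPM backup to AD DS' }
)

foreach ($c in $checks) {
    $value = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    $state = if ($value -eq 1) { 'OK     ' } else { 'MISSING' }
    '{0} {1} = {2}  ({3})' -f $state, $c.Name, $value, $c.What
}

# Is the OS drive actually protected, and does it carry a recovery password protector?
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
'Protection: {0}, Encrypted: {1}%' -f $vol.ProtectionStatus, $vol.EncryptionPercentage
$recoveryProtectors = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
if (-not $recoveryProtectors) { 'MISSING: no RecoveryPassword protector on the OS drive' }

# Recovery information is stored as child objects of the computer account; the object
# name embeds the protector GUID, so each protector should have one matching object.
$computer = Get-ADComputer -Identity $env:COMPUTERNAME
$escrowed = Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
                         -SearchBase $computer.DistinguishedName

foreach ($p in $recoveryProtectors) {
    $match = $escrowed | Where-Object { $_.Name -like "*$($p.KeyProtectorId)*" }
    if ($match) { 'OK      protector {0} escrowed in AD' -f $p.KeyProtectorId }
    else        { 'MISSING protector {0} not found under {1}' -f $p.KeyProtectorId, $computer.DistinguishedName }
}
```

If a protector shows as MISSING in AD after the GPO has applied, `manage-bde -protectors -adbackup C: -id <protector id>` escrows it without re-encrypting the drive.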