Onboarding an endpoint in an organization should be handled with care: if device encryption is mismanaged during onboarding, the organization risks data exposure. A hybrid working model makes the device enrollment process much harder to manage, with organization-owned and personal devices in the mix.
Managing encryption is a pressing task that needs frequent monitoring, and whenever a new computer enters the network, you have to oversee its encryption manually. New computers are unencrypted by default, and manual oversight of their encryption can be imperfect. However, the entire task of encrypting the contents of the computers can be automated using BitLocker Management.
STEP 1 - Navigate to the BitLocker module on the Endpoint Central console and create an encryption policy that meets your enterprise requirements for managing BitLocker. To learn more about configuring BitLocker policies, refer to this page.
STEP 2 - Once the policy is created, the next action is to deploy it to a custom group.
STEP 3 - In the Policies tab, click Select Custom Group in the Policy Deployment section.
STEP 4 - When you click the custom group field, the list of custom groups available in your system is displayed. From the list, select the custom group All Computers Group.
NOTE - Once a new computer is added to the network, it gets added to the custom group automatically. Once added to the group, the policy gets deployed to that particular system as well, enabling BitLocker automatically.
STEP 5 - In Select Policy, choose the policy configured in STEP 1.
STEP 6 - Selecting the Deploy option deploys the policy in the next refresh cycle (90 mins). To deploy the policy right away, use the Deploy Immediately option.
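
To confirm on an endpoint that the deployed policy has actually taken effect, the following PowerShell check classifies each volume by its BitLocker state. It is an added example, not part of Endpoint Central or of the original page; it reads the properties returned by the built-in Get-BitLockerVolume cmdlet, and the function name Get-BitLockerFinding and the sample volumes are constructed for illustration.

```powershell
# Added example (hypothetical helper name): flag volumes the policy has not fully protected.
function Get-BitLockerFinding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume   # an object shaped like Get-BitLockerVolume output
    )
    process {
        # Collect protector types; the foreach statement skips a null KeyProtector cleanly.
        $protectors = foreach ($kp in $Volume.KeyProtector) { "$($kp.KeyProtectorType)" }
        $reasons = @()
        # A new machine stays FullyDecrypted until the policy is applied.
        if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
            $reasons += "VolumeStatus=$($Volume.VolumeStatus) ($($Volume.EncryptionPercentage)%)"
        }
        # Encrypted data with protection Off is still readable without a protector,
        # so check ProtectionStatus separately from VolumeStatus.
        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            $reasons += "ProtectionStatus=$($Volume.ProtectionStatus)"
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Compliant  = ($reasons.Count -eq 0)
            Protectors = ($protectors -join ', ')
            Reasons    = ($reasons -join '; ')
        }
    }
}

# Constructed sample volumes so the check can be read and run without a live endpoint.
$sample = @(
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On'
        EncryptionPercentage = 100
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' },
                         [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' })
    }
    [pscustomobject]@{   # encrypted, but protection is off
        MountPoint = 'D:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'Off'
        EncryptionPercentage = 100; KeyProtector = $null
    }
    [pscustomobject]@{   # newly added computer, policy not yet applied
        MountPoint = 'E:'; VolumeStatus = 'FullyDecrypted'; ProtectionStatus = 'Off'
        EncryptionPercentage = 0; KeyProtector = $null
    }
)
$sample | Get-BitLockerFinding | Format-Table -AutoSize

# On an enrolled endpoint, from an elevated session:
#   Get-BitLockerVolume | Get-BitLockerFinding
```

Run the live form after the refresh cycle has passed (or after Deploy Immediately); any row with Compliant = False is a computer the automated deployment has not yet covered.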