Forum Discussion
License Confusion for Managing BitLocker via Intune
Scenario: We are managing BitLocker through Intune, with recovery keys backed up to Entra ID for both Hybrid and Entra ID-joined devices. Our devices run Windows 10/11 Professional, and we have EMS ...
Your confusion is understandable, as the documentation can sometimes seem contradictory. Here's a breakdown to clarify:
- Windows 10/11 Professional and BitLocker Management via Intune:
- Windows 10/11 Professional is sufficient for enabling and managing BitLocker through Intune. This includes deploying BitLocker policies and managing recovery keys.
- The BitLocker CSP (Configuration Service Provider) is supported on Windows 10 Pro version 1809 and later, as well as Windows 11.
- Windows 10/11 Enterprise and CSP-Based Management:
- Some advanced BitLocker management features via CSP may require Windows 10/11 Enterprise. For example, certain ADMX-backed policies or advanced configurations might necessitate Enterprise licensing.
In summary, for standard BitLocker management tasks (like enabling encryption and managing recovery keys) through Intune, Windows 10/11 Professional is sufficient. However, if your organization requires advanced CSP-based configurations, you might need Windows 10/11 Enterprise.
Please like if this helped.
