![]() How to disable the “Your organization requires Windows Hello” prompt during OOBE 35 comments | 148.92 views per day | by Janusz | posted on September 17, 2020.There we have it! A deep dive into a simple setting, allowing you to use that compliance policy setting for BYOD Windows Home devices. Windows Home devices that meet the appropriate spec and automatically encrypt will meet the compliance settings requirements of BitLocker encryption in Microsoft Endpoint Manager. So at the end of the day, the BitLocker support in Windows Pro and Enterprise seems to be the configurability of encryption. With Windows 11 and Windows 10, Microsoft offers BitLocker Device Encryption support on a much broader range of devices, including those that are Modern Standby, and devices that run Windows 10 Home edition or Windows 11.” “Beginning in Windows 8.1, Windows automatically enables BitLocker Device Encryption on devices that support Modern Standby. For example, in this article, under BitLocker Device Encryption it even mentions Windows Home: ![]() Notice that Home is not supported for the BitLocker CSP used to configure encryption settings:ĭepending on the Docs article, it looks like Device Encryption can also be referred to as BitLocker Device Encryption. We can ONLY use the Device Encryption feature which natively uses AES-128. It was possible to change the algorithm by setting an encryption algorithm and targeting a device group, but devices would be encrypted nonetheless.īut the interesting thing is – Windows 10/11 Home don’t support BitLocker, so we can’t deploy those same profiles. That’s because the devices hit the same mechanism – they met HSTI requirements and were using an online (Azure AD) account that could store the key, so they were automatically encrypted. If you’ve deployed corporate devices with Autopilot before, you may have run into this automated encryption before. ![]() If I go to, I can pull up the “BitLocker” key for this device. Device encryption is automatically enabled once you sign in with a Microsoft Account and meet the HSTI requirements, encrypting the device with AES-128 and storing the key in your online account.Īnd just to provide more validation, here’s a screenshot showing the device is running Windows 10 Home: ![]() Presuming you have a compatible device then, when you go through OOBE and sign in with a Microsoft Account, under Settings > Update & Security, you will find a Device Encryption pane that will state Device encryption is on. If your device is compatible, you can open System Information as an admin and you will see Meets requirements under Device Encryption:Īn incompatible device, however, will show a list of reasons which may include Hardware Security Test Interface failed: HSTI spec can be complicated but suffice it to say that the OEM of your device needs to build in support for it, or you won’t meet it. Windows 10 Home edition comes with support for “ Device Encryption.” Device Encryption is unique in that it isn’t offered on every device, only those that meet HSTI specifications. This second option poses an interesting question – can Windows 10/11 Home devices, which don’t have BitLocker, meet this compliance requirement? The second is the Require encryption of data storage on device, which checks for the presence of encryption (according to the Docs article). The first is to use the Require BitLocker setting, which evaluates whether BitLocker is enabled via the Windows Health Attestation Service (requiring a reboot). If you’re using Compliance Policies in Microsoft Endpoint Manager for Windows devices, you’ll notice that you can require encryption two different ways.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |