BitLocker – Using Intune for Enabling TPM+PIN+USB

bitlocker microsoft-intune

I am tasked with enabling BitLocker via Intune and I am struggling to understand why the following settings are not taking effect on the endpoint.

In the OS drive settings

Compatible TPM Startup - Blocked
Compatible TPM startup PIN - Blocked
Compatible TPM startup key - Blocked
Compatible TPM startup key and PIN - Required

I have had the solution working for TPM and PIN, but the people I work for want TPM, Key and PIN. When I go to turn on BitLocker in "Manage BitLocker", I am greeted with the dreaded "This PC requires a startup option that isn't supported by BitLocker setup."

Trying to research this error led me to 4sysops.com, which says:

"If you see this one, it is usually caused by having more than one required option for additional authentication for an OS Drive at startup.

You can’t require more than one startup type."

Unless my (il)logic is flawed, then with the settings I set above, this condition should be satisfied.

Anyone have any ideas?

Best Answer

TPMandPINandStartupKey needs to be configured using the command line. The wizard isn't compatible with that setting.
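One way to do this from the command line, shown here as an added example that is not part of the original answer, uses the BitLocker PowerShell module from an elevated session on the endpoint. The drive letters `C:` (OS volume) and `E:\` (USB stick that will hold the startup key) are assumptions, and the Intune policy from the question must already be applied so that the TPM startup key and PIN option is permitted.

```powershell
# Added example: run in an elevated PowerShell session on the endpoint.
# Assumed values (not from the original post): OS volume C:, USB stick at E:\
$osVolume   = 'C:'
$usbKeyPath = 'E:\'

# The TPM must be present and ready before a TPM-based protector can be added.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'TPM is not present or not ready; a TPM+PIN+startup key protector cannot be created.'
}

# The startup key file is written to the removable drive, so it must be mounted.
if (-not (Test-Path -Path $usbKeyPath)) {
    throw "Startup key location $usbKeyPath is not available."
}

# Read the PIN as a SecureString so it never appears in history or transcripts.
$pin = Read-Host -AsSecureString -Prompt 'Enter the BitLocker startup PIN'

$volume = Get-BitLockerVolume -MountPoint $osVolume

if ($volume.VolumeStatus -eq 'FullyDecrypted') {
    # Drive not yet encrypted: enable BitLocker with the combined protector.
    Enable-BitLocker -MountPoint $osVolume `
        -TpmAndPinAndStartupKeyProtector `
        -Pin $pin `
        -StartupKeyPath $usbKeyPath
}
else {
    # Drive already encrypted (for example with TPM+PIN): add the combined protector.
    Add-BitLockerKeyProtector -MountPoint $osVolume `
        -TpmAndPinAndStartupKeyProtector `
        -Pin $pin `
        -StartupKeyPath $usbKeyPath
}

# Ensure a recovery password exists as a fallback if the USB key or PIN is lost.
$volume = Get-BitLockerVolume -MountPoint $osVolume
if (-not ($volume.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Add-BitLockerKeyProtector -MountPoint $osVolume -RecoveryPasswordProtector
}

# Verify which protectors are now present on the OS volume.
(Get-BitLockerVolume -MountPoint $osVolume).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId
```

Store the recovery password somewhere other than the endpoint and the USB stick before rebooting, since the machine will not start without both the PIN and the startup key.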
