- Managing device features and behavior
- Managing devices with IT policies
- Restricting or allowing device capabilities
- Setting device password requirements
- Creating and managing IT policies
- How BlackBerry UEM chooses which IT policy to assign
- Allowing BlackBerry 10 users to back up device data
- Importing IT policy and device metadata updates
- Creating device support messages
- Enforcing compliance rules for devices
- Sending commands to users and devices
- Deactivating devices
- Controlling the software updates that are installed on devices
- Create a device SR requirements profile for Android Enterprise devices
- Create a device SR requirements profile for Samsung Knox devices
- Create a device SR requirements profile for BlackBerry 10 devices
- View users who are running a revoked software release
- Managing OS updates on devices with MDM controls activations
- View available updates for iOS devices
- Update the OS on supervised iOS devices
- Configuring communication between devices and BlackBerry UEM
- Displaying organization information on devices
- Using location services on devices
- Using Activation Lock on iOS devices
- Managing iOS features using custom payload profiles
- Setting up factory reset protection for Android Enterprise devices
- Setting up Windows Information Protection for Windows 10 devices
- Allowing BitLocker encryption on Windows 10 devices
- Managing attestation for devices
- BlackBerry Docs
- BlackBerry UEM 12.12
- Administration
- Managing device features
- Allowing BitLocker encryption on Windows 10 devices
Allowing BitLocker encryption on Windows 10 devices
Windows 10
devicesBitLocker Drive Encryption is a data protection feature of the operating system that helps mitigate unauthorized data access when a device is lost or stolen. You can allow BitLocker encryption on
Windows 10
devices and protection is strengthened if the device also has a Trusted Platform Module (TPM), which gives you the option to require additional authentication at startup (for example, a startup key, PIN, or removable USB drive). In BlackBerry UEM
, you can also create a compliance profile to prevent users from disabling BitLocker to enforce its use on devices that require encryption.You can configure the recovery options to access a BitLocker-protected operating system or data drives. Users can access recovery keys from the
Active
Directory
console, and if enabled, recovery passwords can be backed up to Active
Directory
Domain Services so that an administrator can recover them using the BitLocker Recovery Password Viewer tool.Configure the following
UEM
IT policy rules to support BitLocker encryption on Windows 10
devices:- BitLocker encryption method for desktop
- Allow storage card encryption prompts on the device
- Allow BitLocker Device Encryption to enable encryption on the device
- Set default encryption methods for each drive type
- Require additional authentication at startup
- Require minimum PIN length for startup
- Pre-boot recovery message and URL
- BitLocker OS drive recovery options
- BitLocker fixed drive recovery options
- Require BitLocker protection for fixed data drives
- Require BitLocker protection for removable data drives
- Allow recovery key location prompt
- Enable encryption for standard users
For more information about the BitLocker IT policy rules, see the Policy Reference Spreadsheet.