
BitLocker


Last updated 3 years ago

BitLocker enforcement

It is possible to force BitLocker encryption for OS volumes. In the configuration file (see chapter Settings), set the switch BitlockerEnabled to true. If the device is equipped with a TPM chip in the ready state, encryption is activated.

BitLocker recovery key

To allow the BitLocker enforcement, the following registry key

HKLM\SYSTEM\CurrentControlSet\Control\BitLocker:PreventDeviceEncryption

is set to false.

For virtual machines, encryption is only enforced if the following variable is set on the virtual machine:

$env:RjDisableVmDetection=1

If the client device is Azure AD joined, RealmJoin uploads the BitLocker recovery key to Azure AD. If the upload is not successful on the first try, it will be retried. If the upload cannot be performed successfully, the RealmJoin rollout fails. In the case of a non-AAD-joined device, the BitLocker recovery key is not saved anywhere.
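The following read-only audit is an added example, not part of RealmJoin or its documentation. It checks the preconditions described above on a client and flags the case where an encrypted OS volume has no Azure AD escrow for its recovery key. The function name, the assumption that "false" is stored as DWORD 0, and the check of the Machine-scope environment variable are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of the BitLocker preconditions described on this page.

function Get-RjBitLockerReadiness {   # hypothetical helper name, not a RealmJoin cmdlet
    $osDrive = $env:SystemDrive

    # Encryption is only activated when a TPM is present and in the ready state.
    $tpm = Get-Tpm

    # The page states PreventDeviceEncryption is set to false (assumed: DWORD 0 or absent).
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\BitLocker'
    $prevent = (Get-ItemProperty -Path $regPath -Name PreventDeviceEncryption `
                    -ErrorAction SilentlyContinue).PreventDeviceEncryption

    # VM override from the page; also reading the Machine scope is an assumption.
    $vmOverride = @(
        $env:RjDisableVmDetection,
        [Environment]::GetEnvironmentVariable('RjDisableVmDetection', 'Machine')
    ) -contains '1'

    # Current state of the OS volume and whether a recovery password protector exists.
    $vol = Get-BitLockerVolume -MountPoint $osDrive
    $hasRecoveryPw = [bool]($vol.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword')

    # Only Azure AD joined devices get their recovery key uploaded.
    $aadJoined = [bool](dsregcmd /status |
        Select-String -Pattern 'AzureAdJoined\s*:\s*YES')

    [pscustomobject]@{
        OsDrive                 = $osDrive
        TpmPresent              = $tpm.TpmPresent
        TpmReady                = $tpm.TpmReady
        PreventDeviceEncryption = ($null -ne $prevent -and $prevent -ne 0)
        RjDisableVmDetection    = $vmOverride
        VolumeStatus            = $vol.VolumeStatus
        ProtectionStatus        = $vol.ProtectionStatus
        HasRecoveryPassword     = $hasRecoveryPw
        AzureAdJoined           = $aadJoined
        # Encrypted but not AAD joined: per the page, the key is not saved anywhere.
        RecoveryKeyNotEscrowed  = ($vol.VolumeStatus -ne 'FullyDecrypted' -and -not $aadJoined)
    }
}

Get-RjBitLockerReadiness | Format-List
```

A device reporting RecoveryKeyNotEscrowed as True needs its recovery key backed up by other means before the volume is relied on.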
