New profile to enable BitLocker on Windows 10 and Windows 11 devices


In the Systems Manager > Settings page, administrators can now find a new BitLocker profile payload. Simply search for "BitLocker" or look for the "Windows" profiles to find it. Documentation can be found here


This new BitLocker profile allows setting BitLocker encryption enforcement rules with various settings, such as:

  • Encryption method
  • OS drive settings
  • PIN length
  • Recovery options
  • Fixed data drive settings
  • Removable data drive settings
Administrators can also check for encryption as a Systems Manager security policy, to obtain a list of compliant and non compliant encrypted devices on the Systems Manager > Devices list in bulk. This will show the encryption compliance status, reason, and if BitLocker is currently enabled, disabled, or unknown (not reported yet). This security policy will also check all other OSes for encryption, such as macOS FileVault encryption, iOS encryption, and Android Work Profile encryption. So the security policy is a great way to read current encryption status in bulk for every device. 
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.