You can create a new BitLocker policy by:
- Creating a new policy, or
- Copying an existing policy.
If you copy an existing policy, the policy’s settings are copied, but the policy isn’t applied to any sites.
BitLocker Policy Settings
BitLocker policies do not have any customizable settings. When applied to a device, a BitLocker policy encrypts every applicable drive.
To create a BitLocker policy
- In Service Center, click Service Delivery > Policies > BitLocker.
- Click New.
- In the Policy Name box, type a name.
- Optionally, type a description for the policy.
- Click Create.
To copy a BitLocker policy
- In Service Center, click Service Delivery > Policies > BitLocker.
- Select the check box beside the name of the BitLocker policy you want to copy.
- Click Copy.
- In the Policy Name box, change the name of the policy, if required. Copied policies are automatically given a (1) suffix.
- In the Description box, type a description of the policy.
- Click Create.
Creating Rules to Automatically Include Devices in BitLocker Policies
Automatic application rules determine which devices are eligible to have the BitLocker policy applied. For example, if you are creating a policy to encrypt the Windows drives of Dell devices, you can set up an automatic application rule to include devices with the Manufacturer name "Dell".
Application rules do not come into effect until the BitLocker policy has been applied, either by adding it to a service and then applying the service to a group or site, or by adding it to a service in a service plan, which is applied to a group or site.
The process for setting up application rules is the same for BitLocker policies as it is for other policy types. For more detailed instructions on setting up automatic application rules, including examples, see Creating Automatic Inclusion Rules for Monitoring Policies.
To create an automatic application rule for a BitLocker policy
- In Service Center, click Service Delivery > Policies > BitLocker.
- Click the name of the BitLocker policy for which you want to create an automatic inclusion rule.
- Click the Automatic Application tab.
- Create conditional statements. See Creating condition statements for a monitoring policy automatic inclusion rule in Creating Automatic Inclusion Rules for Monitoring Policies.
- Create the inclusion criteria. See Creating inclusion criteria for a monitoring policy automatic inclusion rule in Creating Automatic Inclusion Rules for Monitoring Policies.
- Preview the rule. See Previewing an Automatic Inclusion Rule in Monitoring Policies.
- Repeat the three preceding steps (create conditional statements, create the inclusion criteria, and preview the rule) until the rule is complete.
- You can add a maximum of 15 rules.
- Click Save.
Applying BitLocker Policies to Services
BitLocker policies must be applied to services to activate them. To apply a BitLocker policy to a service, see To add policies to a service in Modifying Services.
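Once the service carrying the policy has been applied to a group or site, the result can be confirmed on a managed device. The PowerShell check below is an added example, not part of Service Center or its documentation; it uses the built-in Windows `Get-BitLockerVolume` cmdlet and flags volumes that are not fully encrypted or whose protection is off. Assumptions: the function name `Get-BitLockerGap` is hypothetical, and every volume the cmdlet returns is treated as "applicable", a term this page does not define.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker state on the local Windows device.
# Assumption: every volume returned by Get-BitLockerVolume counts as
# "applicable"; the policy documentation does not define that term.

function Get-BitLockerGap {
    [CmdletBinding()]
    param(
        # Volume objects to evaluate; defaults to all local BitLocker volumes.
        [object[]]$Volume = (Get-BitLockerVolume)
    )
    foreach ($v in $Volume) {
        $reasons = @()
        # Encryption still running, paused, or never started.
        if ("$($v.VolumeStatus)" -ne 'FullyEncrypted') {
            $reasons += "status=$($v.VolumeStatus) ($($v.EncryptionPercentage)%)"
        }
        # A volume can be fully encrypted while protection is suspended,
        # in which case ProtectionStatus reports Off.
        if ("$($v.ProtectionStatus)" -ne 'On') {
            $reasons += "protection=$($v.ProtectionStatus)"
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                MountPoint = $v.MountPoint
                VolumeType = "$($v.VolumeType)"
                Protectors = (@($v.KeyProtector |
                    ForEach-Object { "$($_.KeyProtectorType)" }) -join ',')
                Reason     = $reasons -join '; '
            }
        }
    }
}

$gaps = @(Get-BitLockerGap)
if ($gaps.Count -eq 0) {
    Write-Output 'All BitLocker volumes are fully encrypted with protection on.'
    exit 0   # when run as a script file, exit code 0 means no gaps
}
$gaps | Format-Table -AutoSize
exit 1       # non-zero exit code: at least one volume needs attention
```

Encryption of a large drive takes time, so a volume reported with an in-progress status shortly after the policy is applied is expected; one that stays unencrypted or shows protection off on later runs warrants a closer look.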
Removing BitLocker Policies
You can remove a BitLocker policy from a device by deleting the policy, by removing the policy from a service, by changing the auto-application rules of the policy, or by excluding the device.
To delete a BitLocker policy
- Click Service Delivery > Policies > BitLocker.
- Select the check box beside the policy you want to remove.
- Click Delete.
You can also remove a policy from a device by doing any of the following:
- To remove a policy from a service, see To remove policies from a service in Modifying Services.
- To edit the auto-application rules, see Creating Rules to Automatically Include Devices in BitLocker Policies, above.
- To remove a BitLocker policy from a device by excluding the device from the policy, see Excluding Devices from a Monitoring Policy.