Tip of the day
If you want to manage Surface Pro from MNE, please ensure that you click the "Advanced" button in the MNE BitLocker product policy to expose the following policy option, which needs to be selected.
This is because BitLocker will, by default, fail to activate on this system; Surface Pro reports that it has no keyboard to BitLocker and BitLocker is designed to avoid activating on a system without a keyboard. This is to avoid users being locked out if they cannot enter a preboot credential because of a lack of a keyboard.
In order for BitLocker to activate, we need to instruct BitLocker to ignore the platform keyboard check. This is what the policy shown below does, by altering the local system GPO.
Note: if the policy requires TPM only, this option is not required since no credentials need to be supplied in the preboot environment.
I have a SurfacePro3 using MNE and BitLocker is active. My policy does NOT have that enabled. Is it because I have a keyboard cover attached?
BitLocker itself will prevent activation on systems in which a keyboard is not detected. This option will bypass this BitLocker check and activate even if no KB is detected. Because a keyboard is detected, BitLocker is satisfied and will activate on the system.
Hi Mitch, or it could be because you've already set the relevant BitLocker GPO locally on the system or on the domain server. MNE will set that GPO itself if this option is ticked in ePO, otherwise it leaves it untouched.
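To tell the three explanations in this thread apart on a given tablet (TPM-only policy, GPO already set, or keyboard detected), the following check can be run locally. It is an added example, not part of the original posts and not MNE code. It assumes the option corresponds to the Windows GPO "Enable use of BitLocker authentication requiring preboot keyboard input on slates", stored as `OSEnablePrebootInputProtectorsOnSlates` under the BitLocker policy key; the thread itself does not name the setting.

```powershell
#Requires -RunAsAdministrator
# Added example: explain why BitLocker activated on a tablet without the
# MNE "ignore platform keyboard check" option being ticked in ePO.

# Assumption: this is the registry value behind the GPO the thread refers to.
$fveKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$valueName = 'OSEnablePrebootInputProtectorsOnSlates'

$policy = Get-ItemProperty -Path $fveKey -Name $valueName -ErrorAction SilentlyContinue
$slatePolicy = if ($null -eq $policy) {
    'NotConfigured'
} elseif ($policy.$valueName -eq 1) {
    'Enabled'
} else {
    'Disabled'
}

# Key protectors currently on the OS volume.
$vol        = Get-BitLockerVolume -MountPoint $env:SystemDrive
$protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

# Protector types that require typing a credential in the preboot environment.
$preboot = @($protectors | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey', 'Password' })

$reason = if ($preboot.Count -eq 0) {
    'No preboot credential is required (e.g. TPM only), so the keyboard check never applied.'
} elseif ($slatePolicy -eq 'Enabled') {
    'The slate preboot-input GPO is already set (by MNE, locally, or from the domain).'
} else {
    'The GPO is not set, so BitLocker must have detected a keyboard at activation time.'
}

[pscustomobject]@{
    SlatePrebootInputPolicy = $slatePolicy
    ProtectionStatus        = $vol.ProtectionStatus
    KeyProtectors           = $protectors -join ', '
    PrebootCredentialInUse  = ($preboot.Count -gt 0)
    LikelyReason            = $reason
}
```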