3 Replies Latest reply on Feb 3, 2015 3:25 PM by dwebb

    Surface Pro 3.0 and Bitlocker, using Management of Native Encryption


      Tip of the day


      If you want to manage Surface Pro from MNE, please ensure that you click the "Advanced" button in the MNE BitLocker product policy to expose the following policy option, which needs to be selected.


      This is because BitLocker will, by default, fail to activate on this system; Surface Pro reports that it has no keyboard to BitLocker and BitLocker is designed to avoid activating on a system without a keyboard.  This is to avoid users being locked out if they cannot enter a preboot credential because of a lack of a keyboard.


      In order for BitLocker to activate, we need to instruct BitLocker to ignore the platform keyboard check.  This is what the policy shown below does, by altering local system GPO.


      Note: if the policy requires TPM only, this option is not required since no credentials need to be supplied in the preboot environment.