BitLocker policy is enabled by default? (Solved)

Participant
Discussion
1 week ago Feb 17, 2026

Hello everyone, is the BitLocker policy applied to Windows devices by default in Hexnode?

Replies (10)

Participant
1 week ago Feb 17, 2026

@finn I don’t think the BitLocker policy, or in fact any Device Policy, gets assigned to devices by default once they are enrolled into Hexnode.

Participant
1 week ago Feb 17, 2026

@ronnie, but I see that the Windows device I just enrolled into my portal is non-compliant due to no encryption – is it not because of the BitLocker policy?

Participant
1 week ago Feb 17, 2026

@finn, I think you are talking about the “Default Windows Compliance policy” applied to Windows devices as soon as they are added to the portal.

Participant
1 week ago Feb 17, 2026

@ronnie, yes, I see that such a policy has been applied automatically, so what should I do to make my device compliant again?

Hexnode Expert
1 week ago Feb 17, 2026

@finn, please note that the Default Windows Compliance Policy within the Hexnode UEM portal specifically mandates that device encryption must be active for a system to maintain a “Compliant” status.

Enabling BitLocker on your device serves as the necessary signal to the UEM portal that this security requirement has been met. Once the encryption process is initiated, the device will automatically be marked as compliant upon completion of its next Device Scan.

Regards,  
Elle Reed, 
Hexnode UEM. 

Participant
1 week ago Feb 17, 2026

@elle_reed if so, how do I turn on the BitLocker then?

Hexnode Expert
1 week ago Feb 17, 2026

@finn, you can enable BitLocker either manually on the device or remotely via Hexnode. Here’s how:

Option 1: Manual Setup 

  1. Open Control Panel > BitLocker Drive Encryption.
  2. Select your drive and click Turn on BitLocker.
  3. Save your Recovery Key: This is crucial. Choose to save it to your Microsoft Account, a USB flash drive, a separate file (external to the device), or print it.
  4. Choose your settings:
    • Scope: Encrypt “used disk space only” (faster) or the “entire drive” (more secure).
    • Mode: Choose “New encryption mode” (fixed drives) or “Compatible mode” (removable drives).
  5. Review and click Start Encrypting.

 

Option 2: Using Hexnode (MDM) 

  • Via Policy: Navigate to Policies > New Policy > Windows > Enterprise > BitLocker. Once you configure the policy and apply it, the user will get a popup to trigger the encryption. 

Pro Tip: Associate your BitLocker policy before running the remote action to ensure it uses your preferred encryption settings rather than the system defaults. 
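
A PowerShell equivalent of the manual steps in Option 1, as an added example that is not part of the original reply and not Hexnode's own tooling. The parameter names and the `E:\BitLockerRecovery` path are assumptions (an external drive that already exists); run it from an elevated session on a device with a ready TPM.

```powershell
# Added example (not from the thread). $RecoveryDir is an assumed path on
# external media; it must not live on the drive that is being encrypted.
param(
    [string]$MountPoint  = $env:SystemDrive,
    [string]$RecoveryDir = 'E:\BitLockerRecovery',
    [switch]$EntireDrive   # default mirrors "used disk space only"
)
$ErrorActionPreference = 'Stop'

# 1. Report the current state before changing anything.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
'{0} status={1} protection={2} encrypted={3}%' -f $vol.MountPoint,
    $vol.VolumeStatus, $vol.ProtectionStatus, $vol.EncryptionPercentage
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    'Encryption is already on or in progress; nothing to do.'
    return
}

# 2. Pre-checks: recovery key location is off the target drive, TPM is usable.
$recoveryDrive = Split-Path -Path $RecoveryDir -Qualifier
if ($recoveryDrive -ieq $MountPoint.TrimEnd('\')) {
    throw "Recovery directory must not be on $MountPoint."
}
if (-not (Test-Path $RecoveryDir)) { throw "$RecoveryDir not found." }
if (-not (Get-Tpm).TpmReady)       { throw 'TPM is not ready.' }

# 3. Add a recovery password protector and save it externally.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
$rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -Last 1
$file = Join-Path $RecoveryDir "$env:COMPUTERNAME-$($rp.KeyProtectorId.Trim('{}')).txt"
"ID: $($rp.KeyProtectorId)`r`nRecovery password: $($rp.RecoveryPassword)" |
    Set-Content -Path $file

# 4. Turn on BitLocker. XTS-AES is the "new encryption mode" for fixed drives.
$enable = @{ MountPoint = $MountPoint; EncryptionMethod = 'XtsAes128'; TpmProtector = $true }
if (-not $EntireDrive) { $enable.UsedSpaceOnly = $true }
Enable-BitLocker @enable | Out-Null

# 5. Show the result. On an OS drive, encryption begins after the restart
#    that runs the BitLocker hardware test.
Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, EncryptionMethod, EncryptionPercentage
```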

Participant
1 week ago Feb 17, 2026

Thanks @elle_reed! 

Hexnode Expert
1 week ago Feb 17, 2026

@finn Additionally, it is worth noting that this compliance concern is largely mitigated in the latest iterations of the operating system. Starting with Windows 11 Version 24H2, BitLocker encryption is enabled by default across the Pro, Enterprise, and Education editions during the Out-of-box experience (OOBE). Because the encryption is active from the initial setup, the device should automatically meet the compliance requirements without any manual intervention or policy configuration.

Participant
1 week ago Feb 17, 2026

@elle_reed is that so? Mine is probably in an older version. I will keep this in mind for future devices, thanks!
