Connect
Ask Community
Ask the community
Ask Community

Query on BitLocker startup screenSolved

Profile photo of vance_j
vance_j
Participant
Discussion
Hexnode UEM
1 day ago Feb 19, 2026

Hi Team, 

I’m working with a customer who requires BitLocker encryption on Windows devices. The key requirement is that the BitLocker startup screen must be the first prompt after powering on the devicesand the user must enter a PIN before the Windows login screen appears. 

Encryption is completed successfully, but after reboot, the device goes straight to the Windows login screen and does not show the BitLocker startup PIN prompt.  

Is there anything else we need to configure to ensure the BitLocker startup PIN appears on every boot? 

topic view count 17 Views

Tags

Remote Actions (24) Windows (322)
Reply

Replies (3)

Marked SolutionPending Review
Profile photo of clara_sterling Hexnode Expert image
clara_sterling
Hexnode Expert
1 day ago Feb 19, 2026
Marked SolutionPending Review

Hi  @vance_j , Thanks for the information! 

Based on your description, it seems that the device is being encrypted, but the BitLocker startup screen is not appearing on boot. This usually happens when the OS drive is protected using TPM only.  

To display the BitLocker startup PIN screen, the device must use TPM + PIN protection.

Regards, 
Clara sterling, 
Hexnode UEM. 

Marked SolutionPending Review
Profile photo of haanaa Novice image
haanaa
Participant
1 day ago Feb 19, 2026
Marked SolutionPending Review

Hi, 

How can we verify whether the device is using TPM only or TPM + PIN? 

Marked SolutionPending Review
Profile photo of clara_sterling Hexnode Expert image
clara_sterling
Hexnode Expert
1 day ago Feb 19, 2026
Marked SolutionPending Review

Hi  @haanaa  and  @vance_j ,  

You can verify this directly from the Windows device by checking the active BitLocker protectors of the OS drive. 

  • Open Command Prompt (as Administrator)
  • Run the following command: manage-bde -protectors -get C: 
  • Review the output. If TPM and PIN are not listed, no startup PIN screen will appear. has not been applied. 
  • To enable TPM + PIN, use this command: manage-bde -protectors -add C: -TPMAndPIN

After running the command, restart the device. The BitLocker startup screen will appear before the Windows login page. 

Regards, 
Clara sterling, 
Hexnode UEM. 

Load more
Save
Related Topics

Leaderboard

Profile photo of bram Pro image
bram
1995 pts
Profile photo of timo-liam Veteran image
timo-liam
1390 pts
Profile photo of leo_scott Novice image
leo_scott
1297 pts
Profile photo of carter Novice image
carter
1205 pts
Profile photo of eliiza Novice image
eliza
1157 pts
View all

Popular Tags

ABM (53)
Android (453)
iOS (359)
macOS (473)
Windows (322)
Apple TV (33)
App Management (352)
Enrollment (104)
Location (29)
Kiosk (216)
Scripts (88)
ADE (49)
OS Updates (78)
Android Enterprise (139)
View all