A few days ago I wanted to enable BitLocker as part of OS deployment. With SCCM & MBAM this can be done in two ways:
- Used Space Encryption or Pre-Provisioning BitLocker.
- Full Disk Encryption (FDE) or the normal way.
Pre-Provisioning BitLocker is crazily fast because it encrypts the disk even before the OS is applied, and it encrypts only the used space. Data written to the disk afterwards is encrypted automatically as it is added. Used Space Encryption is good if the HDD has never stored confidential data in the past or was previously fully encrypted with BitLocker, because free space is left unencrypted and can still hold remnants of old data. I prefer this method.
FDE, as the name suggests, encrypts the entire disk. It is a time-consuming process even when configured as part of OS deployment: it might take 2-3 hours or more, depending on the size of the HDD and the amount of data on it. But most people prefer this method.
I will share my experience and the task sequences that worked for me for both methods.