Directly contact our Support Team

Troubleshooting Full Disk Encryption on Microsoft Surface devices

Full Disk Encryption is a GravityZone feature designed to keep safe your sensitive data by providing central management of Windows BitLocker and macOS FileVault.

Issue

When Full Disk Encryption is enabled on Microsoft Surface devices, the users may be repeatedly prompted to enter a PIN to start the encryption process. In this case, the PIN is not saved and the drives are not encrypted.

Solution

To address this issue, you have to enable BitLocker authentication for devices that lack keyboards in the preboot environment (such as tablets), in the Policy Group settings:

  1. Open the Search box and execute gpedit.msc. The Local Group Policy Editor window shows up.
  2. Go to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
  3. Click to edit the setting Enable use of BitLocker authentication requiring preboot keyboard input on slates.
  4. Select Enabled, click Apply, then click OK.

Additional information about Full Disk Encryption in GravityZone is available in this KB article.

Can't find a solution for your problem? Open an email ticket and we will answer the question or concern in the shortest time possible.

Rate this article:

Submit