Troubleshooting Full Disk Encryption on Microsoft Surface devices
Full Disk Encryption is a GravityZone feature designed to keep your sensitive data safe by providing central management of Windows BitLocker and macOS FileVault.
When Full Disk Encryption is enabled on Microsoft Surface devices, users may be repeatedly prompted to enter a PIN to start the encryption process. In this case, the PIN is not saved and the drives are not encrypted.
To address this issue, enable BitLocker authentication for devices that lack keyboards in the preboot environment (such as tablets) in the Group Policy settings:
- Open the Search box and run gpedit.msc. The Local Group Policy Editor window opens.
- Go to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
- Click to edit the setting Enable use of BitLocker authentication requiring preboot keyboard input on slates.
- Select Enabled, click Apply, then click OK.
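To confirm the setting on a device without opening the editor, the following PowerShell script is an added example, not part of the original article or of GravityZone. It assumes the registry value name OSEnablePrebootInputProtectorsOnSlates under HKLM\SOFTWARE\Policies\Microsoft\FVE, which is where Microsoft's BitLocker policy template stores this setting (the name does not appear on this page). The -Fix switch is a hypothetical parameter of this example, and a value written this way is replaced by any domain Group Policy that configures the same setting.

```powershell
#Requires -RunAsAdministrator
# Added example: audit (and with -Fix, set) the registry value behind the policy
# "Enable use of BitLocker authentication requiring preboot keyboard input on slates".
param([switch]$Fix)   # -Fix is a parameter of this example only

# Assumption: policy location and value name taken from Microsoft's BitLocker ADMX template.
$fveKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$valueName = 'OSEnablePrebootInputProtectorsOnSlates'

function Get-SlatePrebootPolicy {
    # Returns 'Enabled', 'Disabled' or 'NotConfigured' for the policy value.
    $item = Get-ItemProperty -Path $fveKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item)        { return 'NotConfigured' }
    if ($item.$valueName -eq 1) { return 'Enabled' }
    return 'Disabled'
}

$state = Get-SlatePrebootPolicy
Write-Output "Preboot keyboard input on slates: $state"

if ($Fix -and $state -ne 'Enabled') {
    # Create the policy key if it is missing, then write the DWORD value 1 (Enabled).
    if (-not (Test-Path $fveKey)) { New-Item -Path $fveKey -Force | Out-Null }
    New-ItemProperty -Path $fveKey -Name $valueName -PropertyType DWord -Value 1 -Force |
        Out-Null
    Write-Output "Value written; policy now reads: $(Get-SlatePrebootPolicy)"
}

# Report the encryption state of the operating system drive, so a device that is
# still unencrypted after the policy change is easy to spot.
Get-BitLockerVolume -MountPoint $env:SystemDrive |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage,
        @{ Name = 'KeyProtectors'
           Expression = { $_.KeyProtector.KeyProtectorType -join ', ' } }
```

Run it from an elevated PowerShell session. A VolumeStatus of FullyDecrypted together with an empty KeyProtectors column indicates that the PIN was still not saved.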
Additional information about Full Disk Encryption in GravityZone is available in this KB article.