How to enable Silent BitLocker encryption using SureMDM Run Scripts

BitLocker by Microsoft is an easy-to-use encryption program built into Windows. It is an effective tool that can encrypt the entire PC hard drive, including the system drive, any physical drive, or even the virtual hard drive (VHD) of a Windows PC. BitLocker also prevents unauthorized access to the system and protects PC data in the event of a device being lost or stolen.

On enterprise-owned devices, IT departments can enable BitLocker encryption to prevent data breaches. SureMDM by 42Gears allows BitLocker to be remotely enabled on Windows devices.

Purpose

The purpose of this knowledge article is to help the admin set up Silent BitLocker encryption on SureMDM devices remotely to encrypt device data and address the threats of data theft or exposure from lost or stolen devices.

Prerequisites

Windows devices must be Dual enrolled in SureMDM.

Steps

  1. Navigate to Jobs.
  2. Select Windows as the Operating System.
  3. Select Run Script and enter a Job Name.
  4. In the text box, enter the following snippet:

powershell.exe -command "$EncryptDrive = 'C:' ; Add-BitLockerKeyProtector -MountPoint $EncryptDrive -RecoveryPasswordProtector; manage-bde -on $EncryptDrive"

Shutdown -r -t 2

  5. Select Save to save this Job.

Note: Use this command for the C: drive (the operating system drive) only. Enforcing passwords via the command line is not allowed for OS drives as per Microsoft policy.

Other drives can be encrypted using the command below, which also adds a password protector. Replace the sample password 'Password123' with your own.

powershell.exe -command "$EncryptDrive = 'D:' ;$SecureString = ConvertTo-SecureString 'Password123' -AsPlainText -Force; Add-BitLockerKeyProtector -MountPoint $EncryptDrive -RecoveryPasswordProtector;Add-BitLockerKeyProtector -MountPoint $EncryptDrive -PasswordProtector -Password $SecureString; manage-bde -on $EncryptDrive"

Applying the Job to Windows devices 

  1. Navigate to the SureMDM Home page.
  2. Select the desired device(s) or Group of devices. 
  3. Select the Apply button (or Group-Apply button) and apply the above-created job.
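
The following check is an added example, not part of the original article or of SureMDM: it confirms on a device that the job had the intended effect by reporting encryption status, protection status and the key protectors present, without printing the recovery password. The function name Get-BitLockerCompliance and the default mount point are assumptions.

```powershell
# Added example (not from the original article): post-job BitLocker check.
# Run in an elevated PowerShell session on the device after the restart.
# The function name and the default mount point 'C:' are assumptions.
param([string]$MountPoint = 'C:')

function Get-BitLockerCompliance {
    param([Parameter(Mandatory)][string]$MountPoint)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Each run of "Add-BitLockerKeyProtector -RecoveryPasswordProtector" adds a
    # new recovery password, so a job applied twice leaves more than one.
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    $issues = @()
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $issues += "volume status is $($vol.VolumeStatus), $($vol.EncryptionPercentage)% encrypted"
    }
    if ($vol.ProtectionStatus -ne 'On') {
        $issues += "protection status is $($vol.ProtectionStatus)"
    }
    if ($recovery.Count -eq 0) {
        $issues += 'no recovery password protector present'
    } elseif ($recovery.Count -gt 1) {
        $issues += "$($recovery.Count) recovery password protectors present"
    }

    # Report protector types and IDs only; the recovery password itself is
    # deliberately not written to the output or to any job log.
    [pscustomobject]@{
        MountPoint    = $vol.MountPoint
        VolumeStatus  = $vol.VolumeStatus
        Protection    = $vol.ProtectionStatus
        KeyProtectors = ($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType) $($_.KeyProtectorId)" }) -join ', '
        Compliant     = ($issues.Count -eq 0)
        Issues        = $issues -join '; '
    }
}

$result = Get-BitLockerCompliance -MountPoint $MountPoint
$result | Format-List
if (-not $result.Compliant) { exit 1 }   # non-zero exit marks the device for follow-up
```

Encryption continues in the background after the restart, so a device can report EncryptionInProgress for some time before it shows as compliant.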

If you want to try a convenient way to push BitLocker encryption remotely on your Windows devices, try SureMDM today!

Updated on August 2023