We have created a device protection policy to encrypt volumes using AES256. When the policy is applied to any device, the root volume is encrypted using AES128 algorithm.
This is the policy definition:
This is the final result:
Any idea why?
Thanks in advance.
Hey SuscripcionesEM,
Michael is spot on, there's probably a GPO overriding the setting.
Go to Start > Run > gpedit.msc > to open the Local Group Policy Editor.
Browse to Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption.
Double click "Choose drive encryption method and cipher strength" and select Enabled.
Click the drop-down box > select AES 256-bit > Click OK.
BitLocker should now use 256-bit AES encryption when creating new volumes, but it's worth noting that this setting only applies to new volumes you enable BitLocker on.
Any existing BitLocker volumes will continue to use 128-bit AES.
Hey SuscripcionesEM,
Michael is spot on, there's probably a GPO overriding the setting.
Go to Start > Run > gpedit.msc > to open the Local Group Policy Editor.
Browse to Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption.
Double click "Choose drive encryption method and cipher strength" and select Enabled.
Click the drop-down box > select AES 256-bit > Click OK.
BitLocker should now use 256-bit AES encryption when creating new volumes, but it's worth noting that this setting only applies to new volumes you enable BitLocker on.
Any existing BitLocker volumes will continue to use 128-bit AES.
