We currently enforce BL on machines that have a TPM chip.
The GPO will prompt to activate the TPM, restart, export the key to AD and start encrypting.
However, recently we have run into some issues where it doesn't work all the time.
Now these policies we have in place are years old and I am wondering what the "recommended" policy would look like now so I can compare and test.
Is there a different way to handle this with W10 as opposed to W7?
Thanks!