Encrypting your Windows 10 device is a fairly painless process using Microsoft Intune.
To enable encryption on a device or set of devices, go to Microsoft Intune > Device Configuration in the Azure Portal and click Profiles.
Select Create profile.
Enter a Name for the profile, select the Platform as Windows 10 and later and choose Profile type Endpoint protection. Click the Configure option in Settings and then choose Windows Encryption.
You will be presented with 37 configurable settings. Choose the ones that fit your encryption scenario. For example, enable XTS-AES 256-bit encryption of the OS drive. Click OK to complete the configuration.
Click OK.
Click Create to complete the setup of the profile for BitLocker encryption.
Select Assignments.
Select any groups to assign the profile to in the Include tab.
In my example, I am assigning to a group of test devices.
On the next sync, an endpoint that has been assigned the profile will show a prompt that the device needs to be encrypted. Click the message.
Select the options as relevant and click Yes to begin BitLocker encryption.
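To confirm on an endpoint that the OS drive ended up with the algorithm set in the profile, the following check can be saved as a .ps1 file and run from an elevated PowerShell session. It is an added example, not part of the original post. It assumes the XTS-AES 256-bit setting used as the example above; Test-BitLockerMethod and $ExpectedMethod are names made up for this illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: compare the OS drive's BitLocker state with the profile.

# Assumption: the profile sets XTS-AES 256-bit for the OS drive.
# Change this value if your profile uses a different method.
$ExpectedMethod = 'XtsAes256'

function Test-BitLockerMethod {
    param(
        [string]$MountPoint = $env:SystemDrive,
        [string]$Expected   = $ExpectedMethod
    )

    $vol    = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $status = "$($vol.VolumeStatus)"
    $method = "$($vol.EncryptionMethod)"

    # Classify the volume so a mismatch is distinguishable from "not done yet".
    $state = if ($status -eq 'FullyDecrypted') {
        'NotEncrypted'           # encryption has not been started
    } elseif ($status -ne 'FullyEncrypted') {
        'InProgress'             # encrypting, decrypting or paused
    } elseif ($method -ne $Expected) {
        'EncryptedOtherMethod'   # encrypted, but not with the profile's algorithm
    } elseif ("$($vol.ProtectionStatus)" -ne 'On') {
        'ProtectionSuspended'    # right algorithm, but protection is off
    } else {
        'Compliant'
    }

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $status
        EncryptionMethod = $method
        Percentage       = $vol.EncryptionPercentage
        ProtectionStatus = "$($vol.ProtectionStatus)"
        Expected         = $Expected
        State            = $state
    }
}

$result = Test-BitLockerMethod
$result | Format-List

# Non-zero exit code so the check can be called from another script or task.
if ($result.State -ne 'Compliant') { exit 1 }
```

A State of EncryptedOtherMethod marks a drive that is fully encrypted with an algorithm other than the one in the profile.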
Hey there,
How does this work for devices that come pre-set with, say, something like AES-128? Does it check the current encryption level and decrypt the device if it is lower than the configuration policy? I’ve created one with XTS-AES256 and the machine is currently reading AES128.
Thanks!
No, it won’t decrypt. The current algorithm will stay as is.