Encrypting your Windows 10 device is a fairly painless process using Microsoft Intune.

To enable encryption on a device or set of devices, in the Azure Portal go to Microsoft Intune>Device Configuration and click Profiles.

2018-03-15 00_06_06-Dashboard - Microsoft Azure.jpg

Select Create profile.

2018-03-15 00_06_29-Device Configuration Profiles - Microsoft Azure.jpg

Enter a Name for the profile, select the Platform as Windows 10 and later and choose Profile type Endpoint protection. Click the Configure option in Settings and then choose Windows Encryption.

2018-03-15 00_07_11-Endpoint protection - Microsoft Azure.jpg

You will be presented with 37 configurable settings. Choose ones that fit your encryption scenario. For example, enable XTS-AES 256-bit encryption of the OS drive. Click OK to complete the configuration.

2018-03-15 00_08_35-Windows Encryption - Microsoft Azure.jpg

Click OK.

2018-03-15 00_09_26-Endpoint protection - Microsoft Azure.jpg

Click Create to complete the set up of the profile for BitLocker  encryption.

2018-03-15 00_09_37-Create profile - Microsoft Azure.jpg

Select Assignments.

2018-03-15 00_10_03-.jpg

Select any groups to assign the profile to in the Include tab.

2018-03-15 00_11_49-Dashboard - Microsoft Azure.jpg

In my example, I am assigning to a group of test devices.

2018-03-15 00_12_04-Select groups to include - Microsoft Azure.jpg

2018-03-15 00_12_15-Dashboard - Microsoft Azure.jpg

On next sync, the endpoint assigned the profile will prompt that the device needs to be encrypted. Click the message.

2018-03-16 01_28_46-Windows10-1709 on PC-SSD - Virtual Machine Connection.jpg

Select as relevant and click Yes to begin BitLocker encryption.

2018-03-16 01_29_13-Windows10-1709 on PC-SSD - Virtual Machine Connection.jpg