Encrypting your Windows 10 device is a fairly painless process using Microsoft Intune.
To enable encryption on a device or set of devices, in the Azure Portal go to Microsoft Intune>Device Configuration and click Profiles.
Select Create profile.
Enter a Name for the profile, select the Platform as Windows 10 and later and choose Profile type Endpoint protection. Click the Configure option in Settings and then choose Windows Encryption.
You will be presented with 37 configurable settings. Choose ones that fit your encryption scenario. For example, enable XTS-AES 256-bit encryption of the OS drive. Click OK to complete the configuration.
Click Create to complete the set up of the profile for BitLocker encryption.
Select any groups to assign the profile to in the Include tab.
In my example, I am assigning to a group of test devices.
On next sync, the endpoint assigned the profile will prompt that the device needs to be encrypted. Click the message.
Select as relevant and click Yes to begin BitLocker encryption.