How to change BitLocker settings using Group Policy
External configuration, but relevant to AD-integrated BitLocker protection
To enable the Group Policy that sets BitLocker encryption method for fixed drives, follow these steps:
- Open the Group Policy Management Console by running the gpmc.msc command in the Run dialog box.
- Right-click the desired Group Policy Object (GPO) and select Edit.
- In the Group Policy Management Editor, navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives.
- Locate the Configure encryption method and cipher strength for fixed data drives policy setting.
- Double-click the policy and select Enabled.
- In the Options, select XTS-AES 128 from the drop-down menu for Encryption method.
- Click OK to save the changes.
- Close the Group Policy Management Editor and update the GPO by running the gpupdate /force command in an elevated command prompt.
Once the GPO is updated, all fixed drives in computers that receive this policy will automatically use XTS-AES 128 as the default encryption method for BitLocker.
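To confirm the result on a client after gpupdate, the following PowerShell check compares the applied policy with the method each fixed data volume actually uses. It is an added example, not part of the original article; it assumes the setting is stored in the registry value EncryptionMethodWithXtsFdv under HKLM\SOFTWARE\Policies\Microsoft\FVE and that the BitLocker PowerShell module is available.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article.
# Assumption: the fixed-data-drive setting lands in the registry value
# EncryptionMethodWithXtsFdv under the BitLocker (FVE) policy key.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$methods   = @{ 3 = 'AES-CBC 128'; 4 = 'AES-CBC 256'; 6 = 'XTS-AES 128'; 7 = 'XTS-AES 256' }

# 1. Has the policy reached this computer, and with which method?
$policy = Get-ItemProperty -Path $policyKey -Name EncryptionMethodWithXtsFdv -ErrorAction SilentlyContinue
if ($null -eq $policy) {
    Write-Warning 'No fixed data drive encryption method policy is applied to this computer.'
} else {
    $code = [int]$policy.EncryptionMethodWithXtsFdv
    $name = if ($methods.ContainsKey($code)) { $methods[$code] } else { "unknown ($code)" }
    Write-Output "Policy value: $name"
}

# 2. Which method does each fixed data volume actually use?
Get-BitLockerVolume |
    Where-Object { $_.VolumeType -eq 'Data' -and $_.MountPoint -match '^[A-Za-z]:$' } |
    ForEach-Object {
        $vol = Get-Volume -DriveLetter $_.MountPoint[0] -ErrorAction SilentlyContinue
        if ($vol -and $vol.DriveType -eq 'Fixed') {   # skip removable drives
            [pscustomobject]@{
                MountPoint       = $_.MountPoint
                VolumeStatus     = $_.VolumeStatus
                EncryptionMethod = $_.EncryptionMethod
                MatchesPolicy    = ($_.EncryptionMethod -eq 'XtsAes128')
            }
        }
    } | Format-Table -AutoSize
```

A volume that was already encrypted before the policy arrived keeps its existing method, so a row with MatchesPolicy set to False usually identifies a drive that predates the GPO.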