![check bitlocker status](https://scd-systemcenterdude.netdna-ssl.com/wp-content/uploads/2019/01/76873-2.png)
For HAADJ, the user ESP may be skipped altogether depending on the configuration and environment.
- As such, you may find the device going directly to the User ESP after the Windows login in an AADJ scenario.
- The FSIA, as I have seen in most environments, remains disabled via an OMA-URI policy.
- For the Hybrid AAD join process, the device will always bring up the Windows login screen after completing the device ESP, for the user to sign in.
![check bitlocker status](https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/media/bitlocker-computer-compliance.png)
- However, if there is a restart during the device ESP for the AAD join process, then after the device ESP the device brings up the Windows login screen, where the user has to sign in, after which the FSIA is displayed.
- For the AAD join process, if there is no restart during the device ESP phase, the login credentials are cached to perform the Windows login automatically, which makes it seamless.
- This is the point at which Windows logs off from the defaultuser0 built-in system account, under which the OOBE process has been running until now, then creates and logs in the actual end-user account to complete the user profile setup. If the BitLocker silent encryption prerequisites are met, the actual encryption process starts after the First Sign-In Animation (FSIA) that follows the Windows login process.
- For HAADJ, I have seen that devices must be able to establish communication with AD when on the Internet for BitLocker to escrow the recovery key to AD.
- If the configured encryption algorithm and strength differ from the default 128-bit encryption scheme, then there must be an Intune restriction to block automatic encryption.
![check bitlocker status](https://i.stack.imgur.com/tcRS8.png)