Bitlocker on Hyper-V Virtual Machine

Update 2017.11.29 - Thanks to for the idea, I was able to get FDE working using a pass-through disk, see bottom of post for more info.

Short post to go over something I found while researching Bitlocker Full Disk Encryption on Hyper-V virtual machines.

I was testing Enabling Bitlocker during our Task Sequence, and I didn’t have any physical machines to test on, no problem right?  With Hyper-V, you can now enable virtual TPM on Gen2 VMs, and have all the yummy goodness of UEFI, Secureboot, Bitlocker, Credential Guard all on your VM!  So I started testing, everything worked!  But when I checked the Bitlocker Status (manage-bde –status), it showed I was only encrypting Used Space.  While this would be fine for a Virtual Machine, I was confused because I told it to use Full Disk, NOT used space.  I ran many tests, trying several different things, but in the end, it never came out as I expected, with Full Disk.  Even post OSD, if I decrypted, ensured policy was set for Full Disk, it would only encrypt Used Space.  Finally, I gained access to a physical test machine, ran the exact same Task Sequence, and there it was, Full Disk Encryption. – Testing done on Hosts: Win 10 1607, 1709 & Server 2016.  VM’s running 1703 and 1709. Security settings were set to Enable Secure Boot & Enable TPM, tested Dynamic expanding & fixed disks. (Not Pass-through)
Read more