We have a working base image for Windows 10, and are able to deploy it using SCCM current branch and MDT 2013 (thanks largely to the guides on this web site). We're now want to start testing the enabling of BitLocker when we deploy new computers. We're already setup BitLocker and are saving recovery keys to AD. We're been doing manual setups of laptops up to this point.
I see a "Enable BitLocker" (Run Command Line) task in the standard MDT task sequence that runs "%deployroot%\scripts\ZTIBde.wsf" if a task sequence variable exists. I don't know what this script is going to do.
However if I Add the Disk > Enable BitLocker task in the TS by hand, I get something completely different. This task is preferable since it's clear when you edit the TS that you know what it's going to do. Does this task assume TPM is already enabled? Is there a step that can confirm TPM is enabled, and if not, enable it?
What's the preferred way to enable BitLocker during image deployment? Is there documentation, or anywhere else, that can help us with this?