If you want to enable BitLocker during the ENGL build process, read this TID first: “TID-2018001: Enabling BitLocker during the Build Process [ZENworks]” when using ZENworks, or “TID-2018003: Enabling BitLocker during the Build Process [SCCM / ENGL Custom Deployment]” when using ConfigMgr or an ENGL custom deployment.
The registry settings below and the related information are taken from the “Operating system drive encryption settings” of Group Policy Home and from Enable BitLocker Encryption on Windows 10 without TPM.
More references are BitLocker basic deployment, BitLocker Group Policy settings and Enable Trusted Platform Module on Virtual Machine.
This is taken from “Require additional authentication at startup”:
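Windows Registry Editor Version 5.00

; Disable Cortana (not a BitLocker setting)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search]
"AllowCortana"=dword:00000000

; BitLocker: "Require additional authentication at startup"
; UseTPM* values: 0 = do not allow, 1 = require, 2 = allow
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"UseAdvancedStartup"=dword:00000001
; Allow BitLocker without a compatible TPM
"EnableBDEWithNoTPM"=dword:00000001
; Allow TPM, TPM + PIN, TPM + startup key, TPM + startup key + PIN
"UseTPM"=dword:00000002
"UseTPMPIN"=dword:00000002
"UseTPMKey"=dword:00000002
"UseTPMKeyPIN"=dword:00000002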