Q: Can I use BitLocker-based Device Encryption for Windows computer accounts that are joined to an off-premise Azure Active Directory (AD)?
A: Yes, this is possible starting with Windows 10. Device Encryption can now automatically encrypt devices that are joined to an Azure AD domain. Also, when the device is encrypted, the BitLocker recovery key will be automatically stored in the Azure AD instance.
Microsoft introduced BitLocker-based Device Encryption in Windows 8.1 and Windows Server 2012 R2. It protects the OS drive and any fixed data drives on the system using 128-bit AES-based BitLocker encryption. To support device encryption, the system must support connected standby and meet the Windows Hardware Certification Kit (HCK) requirements for TPM and SecureBoot on ConnectedStandby systems. See the following URL for more information on ConnectedStandby: https://msdn.microsoft.com/en-us/library/windows/hardware/dn481238(v=vs.85).aspx.