We need to set the PCR Settings more detailed, for example PCR-0,2,3,4,7 and 11,so that we can follow our internal company security guidelines for securing our Windows 10/11 clients. As by today this is only possible by Microsoft GPO Settings, because the Drive Lock settings are not precise enough and will "combine" several settings (PCR-0,2,11) into one option for "yes or no" only.

As far as we understand there are 2 "Global options" in the BitLocker-Settings, which are the options behind PCR settings.

Reference: https://drivelock.help/versions/2023_2/web/en/complete/content/encryption/tasks/task_bl_pbaset.htm

The 1st Option "Automatically unlock ..." will set (hardcoded at BitLockerVolume.cpp / PCR 0,2 and 11)The 2nd Option will remove PCR-2, so only PCR-0 and 11 is active.
Other PCR-settings can not be set at all (by DriveLock Configuration).