
What is BitLocker and why is it used?

Data on a lost or stolen Windows device is vulnerable to unauthorized access. Even if the computer is secured with a strong password, data may still be lost by other means. BitLocker drive encryption ensures that only those with the required encryption key can decrypt and access your files and data.

Remotely configure BitLocker for Windows devices using Hexnode

A Trusted Platform Module (TPM) chip, version 1.2 or later, is the most significant hardware element necessary to support BitLocker drive encryption. However, BitLocker can also be activated on devices without TPM version 1.2 or later. In that case, the user has to insert an additional USB startup key, and the key is required every time the computer starts.

For installation, it is recommended to install BitLocker on a machine that has TPM version 1.2 or 2.0 and a TCG-compliant BIOS. Also, the use of a startup PIN during encryption is deemed more secure.

If you forget your PIN, or cannot unlock the contents normally, you can still recover access. You have the following choices for restoring drive access:

  • The user can look up the 48-digit recovery password in their Microsoft account online and type it in.
  • The drive can be unlocked using the credentials of a data recovery agent.
  • A domain administrator can obtain the recovery password from Active Directory Domain Services (AD DS) and use it to open the drive.

Finally, the recommended encryption method. For operating system drives and fixed data drives, the XTS-AES algorithm is recommended. For removable drives, the AES-CBC 128 or AES-CBC 256 encryption method enables users to access the drive on all devices.
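
The recommendations above (a TPM-backed protector, a startup PIN, a recovery password, and XTS-AES on operating system and fixed drives versus AES-CBC on removable ones) can be checked on a machine with the built-in BitLocker PowerShell cmdlets. The audit script below is an added example, not Hexnode's code; the `$report` variable and the finding texts are illustrative, and it assumes an elevated PowerShell session.

```powershell
# Added example: audit local volumes against the recommendations on this page.
# Requires an elevated PowerShell session (Get-Tpm / Get-BitLockerVolume).
$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)"

$report = foreach ($vol in Get-BitLockerVolume) {
    $method     = [string]$vol.EncryptionMethod
    $protectors = @(foreach ($kp in $vol.KeyProtector) { [string]$kp.KeyProtectorType })

    # Get-BitLockerVolume only reports OperatingSystem/Data, so ask the
    # storage stack whether a lettered volume is fixed or removable.
    $driveType = 'Unknown'
    if ($vol.MountPoint -match '^[A-Za-z]:') {
        $driveType = [string](Get-Volume -DriveLetter $vol.MountPoint[0]).DriveType
    }
    $isOs = [string]$vol.VolumeType -eq 'OperatingSystem'

    $findings = @()
    if ([string]$vol.VolumeStatus -eq 'FullyDecrypted') {
        $findings += 'not encrypted'
    } else {
        if ([string]$vol.ProtectionStatus -ne 'On') { $findings += 'protection suspended or off' }
        if ($protectors -notcontains 'RecoveryPassword') { $findings += 'no recovery password protector' }
        # Tpm* covers Tpm, TpmPin, TpmStartupKey, TpmPinStartupKey
        if ($isOs -and -not ($protectors -like 'Tpm*'))    { $findings += 'no TPM protector' }
        if ($isOs -and -not ($protectors -like 'TpmPin*')) { $findings += 'no startup PIN' }
        if ($driveType -eq 'Removable') {
            # The page recommends AES-CBC here so the drive opens on all devices.
            if ($method -like 'XtsAes*') { $findings += 'XTS-AES on a removable drive' }
        } elseif ($method -notlike 'XtsAes*') {
            $findings += "$method used where XTS-AES is recommended"
        }
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        DriveType  = $driveType
        Method     = $method
        Protectors = $protectors -join ', '
        Findings   = if ($findings) { $findings -join '; ' } else { 'OK' }
    }
}
$report | Format-Table -AutoSize -Wrap
```

Volumes without a drive letter are reported with `DriveType` set to `Unknown` and are judged by the fixed-drive rule.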

Hexnode UEM supports BitLocker for Windows 10 Pro, Enterprise, and Education editions. Having understood what BitLocker drive encryption does, let’s now see why one should go for it.

BitLocker helps to:

  • Secure confidential data stored on a laptop or on drives stolen from PCs.
  • Encrypt and secure data stored on external disks and USB drives.
  • Prevent an attacker from accessing a company’s system disk. The system disk is often used as a source of trust to access other company devices.
  • Secure data even in case of a disk crash, and facilitate safe disk disposal.