Managing Windows BitLocker

• Organizations should use and centrally manage BitLocker Drive Encryption.
• Organizations using Microsoft BitLocker Administration and Monitoring (MBAM) should start their search for a replacement.

BitLocker Drive Encryption(BitLocker) is a data protection feature integrated into Windows Pro and higher editions. The feature protects devices running Windows 10 by reducing the threat of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. Organizations should manage BitLocker centrally to ensure it is used properly and data can be recovered, but the choice of management tools is changing.

Although BitLocker is available with Windows 7 SP1 and with Windows 8.1, this report focuses on Windows 10.

BitLocker Drive Encryption

BitLocker encrypts entire disk volumes, including boot volumes. To access the encrypted data, the user must generally log on to the device. BitLocker’s protection is strongest when a protected device is first booted but before a person has logged on to the device because after a person logs on he can access the encrypted data. This means, for example, that BitLocker cannot protect a computer if a logged-on user is away from the device.