Updated: September 22, 2024
Analyst Report: BitLocker Recovery Issues Revealed During CrowdStrike Outage
- During the CrowdStrike outage in 2024, organizations that had not accounted for BitLocker recovery suffered an expensive “hands-on” recovery of many endpoints.
- BitLocker’s primary benefit (full-volume encryption) can quickly become its biggest pain point if recovery keys are not managed ahead of time.
- BitLocker is now ubiquitous, so companies should modify and update their recovery processes to work with BitLocker-encrypted volumes.
The accidental rollout by CrowdStrike of a flawed driver configuration on July 19, 2024, resulted in approximately 8.5 million unbootable Windows 10 and 11 systems globally. The impacted endpoints were running CrowdStrike’s Falcon endpoint detection and response (EDR) software and were online during the hour-and-a-half window when CrowdStrike pushed the flawed software. Numerous reports discussed what vendors like Microsoft could do to avoid such incidents and how deeply and broadly software vendors test their services and software in 2024.
But this outage also exposed a general weakness in the Windows ecosystem: the lack of native support across Microsoft’s own tools to help customers recover systems where Windows is running from a BitLocker-protected volume. With the upcoming Windows 11 24H2 update, Microsoft is enabling BitLocker Device Encryption on clean installs of the OS and reducing the system requirements for it to be enabled. This change could bring unpleasant surprises for organizations during future incidents if BitLocker recovery keys are not managed ahead of time.