How to manage Microsoft Windows BitLocker


This is Susan Bradley for CSO Online. Today we’re going to talk about ways that we can determine if we’ve got BitLocker enabled on our machines. But first, a little bit of background as to why this topic came up.

Recently, in the July updates, all of the servicing stacks for Windows 10 came out with updates to address an issue with the Secure Boot feature that may cause BitLocker to go into recovery mode because of a race condition. As you can see in the KB article, our security section for all of the servicing stack, Windows 10 all the way back to Windows Server 2012, all received the servicing stack update to fix this issue.

This first came up in the May updates, when Jody Mukherjee on the patchmanagement.org list identified that certain updates were causing this issue. If you had BitLocker enabled, you had a hard time patching that month. On some machines, if BitLocker was enabled, it actually caused the system to not boot properly; you had to go and suspend BitLocker and then go ahead and install the update.

Now, normally BitLocker is a very quiet technology. It cooperates very well with Windows Update. This time it didn’t, and it brought up the question in my mind: do we have at our fingertips, at a moment’s notice, ways that we can identify which machines do and do not have BitLocker?

One of the easiest ways, of course, is PowerShell. From a PowerShell command prompt, type in manage-bde -status C: and it’ll come back with whether or not the system is encrypted. It takes a little bit of time, then it comes back with the status, and there it comes back with the report of the system indicating that the drive is fully encrypted.

One thing to think about when rolling out BitLocker is ways to help the end user self-recover. Again, BitLocker usually has problems with updating, but in case you do have issues, it’s wise to have a plan in place so the end users have the ability to get back that recovery key. There’s a couple of ways you can do it. If you have Azure Active Directory, you can actually hook it in and have it available all in their portal. As you can see from the account.activedirectory.windowsazure.com page, my home computer is Azure Active Directory joined, and if I had an issue, all I’d have to do is log in with my credentials and I could click here and get that BitLocker key.

If you don’t have Azure Active Directory, let’s say you just use Microsoft accounts, those BitLocker recovery keys are automatically uploaded to a Live site. In fact, if you’ve ever purchased Surface devices, you may not realize this, but if you log in automatically with a Microsoft account, those BitLocker recovery keys are automatically saved up in the cloud. You go to account.microsoft.com/devices and your BitLocker recovery keys are there. You may even have recovery keys from long-ago devices. Here I’ve got some old, old Surface devices that I don’t even have around anymore, and I still have the BitLocker recovery key up in the cloud.

Bottom line, there’s many ways to control and manage those BitLocker keys. Until the next time, this is Susan Bradley for CSO Online.
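
An added example, not part of the video or Microsoft's own code: one way to answer the "which machines do and do not have BitLocker" question across several hosts at once, using the Get-BitLockerVolume cmdlet over PowerShell remoting. The host names are constructed placeholders, and the script assumes WinRM is enabled and that you have administrative rights on each target.

```powershell
# Added example. Host names below are constructed placeholders.
# Assumes PowerShell remoting (WinRM) is enabled and you are an admin on each host.
$Computers = @('PC-001', 'PC-002')

$report = foreach ($computer in $Computers) {
    try {
        Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
            # Runs on the remote machine; enums are cast to strings so they
            # come back to the caller in readable form.
            Get-BitLockerVolume | ForEach-Object {
                [pscustomobject]@{
                    MountPoint   = $_.MountPoint
                    VolumeType   = [string]$_.VolumeType
                    VolumeStatus = [string]$_.VolumeStatus
                    Protection   = [string]$_.ProtectionStatus
                    Percent      = $_.EncryptionPercentage
                    # Protector types only; recovery passwords are never collected.
                    Protectors   = ($_.KeyProtector.KeyProtectorType -join ',')
                }
            }
        } | ForEach-Object {
            # A volume can be fully encrypted while protection is suspended,
            # for example after suspending BitLocker to install an update.
            $state = if ($_.Protection -eq 'On') {
                'Protected'
            } elseif ($_.VolumeStatus -eq 'FullyEncrypted') {
                'Encrypted, protection suspended'
            } else {
                'Not protected'
            }
            $_ | Select-Object @{n='Computer';e={$computer}}, MountPoint, VolumeType,
                VolumeStatus, Protection, Percent, Protectors, @{n='State';e={$state}}
        }
    }
    catch {
        # Host unreachable, access denied, or BitLocker cmdlets unavailable.
        [pscustomobject]@{
            Computer = $computer; MountPoint = $null; VolumeType = $null
            VolumeStatus = $null; Protection = 'Unknown'; Percent = $null
            Protectors = $null; State = "Query failed: $($_.Exception.Message)"
        }
    }
}

$report | Sort-Object Computer, MountPoint | Format-Table -AutoSize
# Volumes needing follow-up, including ones left suspended after patching:
$report | Where-Object { $_.State -ne 'Protected' }
```

The "Encrypted, protection suspended" state matters after a patch cycle like the one described above, because a suspended volume still reports as fully encrypted in a quick status check.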
