Bitlocker Information and Requirements

Issue/Question

  • How is Bitlocker enabled on new installs of Windows?
  • What are the requirements for Bitlocker?
  • What information do I need to know when using Bitlocker?
    • What do I need to do before having a device serviced?
    • What steps do I need to take after having a device serviced?

Environment

  • Oregon State University
  • Students/Faculty/Staff
  • Windows users
  • Windows
  • Bitlocker 

Explanation

Bitlocker is a disk encryption utility created and managed by Microsoft, and primarily used for Windows operating systems.  It has methods of partial or full disk encryption, and requires TPM or an external USB key in order to use Bitlocker.  Requirements

Bitlocker makes your Operating System more secure by encrypting your disk and preventing bad actors from accessing your disk contents when your device is powered off.  If someone were to steal your device they cannot access your contents without providing a PIN/Password to unlock the drive.
If your device is managed by OSU, then the device can be automatically unlocked when you start up your device.

For new devices and devices which have a networked Microsoft account logged in, Bitlocker will be automatically enabled and your device encrypted.  It's very important to back up your recovery key as soon as possible to make sure you can access your data in the event that the lock triggers on your device.
There are multiple methods to back up this key, including:

  • Save to Microsoft Account
  • Save to a file
  • Print the recovery key

When choosing to save to file options, please make sure to save to a location that you will always have access to, and preferably a copy on a USB drive.  If printing the key, place the recovery key in a safe location only you have access to.  You may also print the recovery key to a PDF file and save this to a location that you have access to.

You may also choose options on how a drive is unlocked.  These methods include:

  • Enter a PIN
  • Insert a USB flash drive
  • Let Bitlocker automatically unlock my drive

The last method will be the fastest way to boot your device, but will require having a recovery key available if something goes wrong.

 

Resolution

Install BIOS Updates and other Critical System Updates

  1. Go to Bitlocker settings
  2. Click Suspend Bitlocker or Turn off Bitlocker
  3. Wait for the system to suspend or entirely disable Bitlocker
  4. Finish installing system updates and restart
    1. If you suspended protection it will be re-enabled after logging back into your account
    2. If you turn off Bitlocker, you'll need to re-enable Bitlocker to be protected again

Bringing a device to an IT Professional

  1. Go into Bitlocker settings 
  2. Click "Turn off Bitlocker"
  3. Shutdown your device and bring your device in for service.
    1. If you cannot disable Bitlocker, please bring the recovery key or ensure the key is backed up in your Microsoft account

Assistance

For assistance, contact the Service Desk.

Print Article