To effectively secure digital data, it should be encrypted so that it is accessible only for authorized users. BitLocker is a native encryption tool available on certain Windows operating systems. For individual users, it can be manually enabled. However, for an organization with a vast number of machines, BitLocker management software is crucial. Endpoint Central's BitLocker management enables IT admins to easily configure BitLocker encryption settings, and effectively monitor the drive encryption statuses of all managed systems across the network.
By utilizing Endpoint Central's BitLocker management, IT admins can achieve the following:
This document will explain you about the key features and pre-requisites of BitLocker:
Periodic scans are automatically initiated by Endpoint Central. Once a scan is completed, a comprehensive report of the BitLocker drives encryption settings are applied on each computer. The main details of the BitLocker reports are reflected in the dashboard through various illustrations that provide for easy analysis.
Endpoint Central also scans each endpoint to check for the availability and subsequent status of the TPM. A TPM is a chip inserted on the motherboard of some computer by its manufacturer. While BitLocker encryption provides software level protection, TPM provides hardware-level protection. After a scan, a detailed report on the TPM status for each computer is made available to the IT admin.
On managed computers with BitLocker components enabled, both encryption and decryption policies can be easily constructed, deployed and modified. Endpoint Central's BitLocker is equipped with granular settings so the IT admin can implement policies that satisfy both user requirements, and the cybersecurity standards of the organization. IT admins can choose to enable full space encryption, the recommended option for optimal security. Alternatively, to save time, they can choose to encrypt only the OS drive, and/or only the used disk space.
BitLocker encryption and TPM work best with other protection and authentication methods, such as passphrase. While creating a policy using Endpoint Central, the IT admin can also choose to incorporate password protection along with TPM as an added layer of security. If the computer does not have TPM, BitLocker encryption can still be implemented, but instead of TPM, a passphrase protection scheme can be enforced.
Once the encryption is completed, a recovery key will be generated by BitLocker which can be utilized in the instances when a user forgets their password. It can also come in handy when a malfunction causes the hardware on a computer to become corrupted. If the hard disk of that computer can be salvaged, the IT admin can insert the disk into another computer, and enter the recovery key to access its contents. In Endpoint Central, IT admins can configure settings during policy creation so that recovery keys can be automatically renewed after a specified number of days. The existing recovery keys will be silently replaced by new recovery keys, and the IT admin can also choose to automatically have these recovery keys updated in the domain controller.
BitLocker is supported in the following OS versions
BitLocker needs to be enabled in Server OS to encrypt the machine and to use BitLocker Recovery key storing. Follow the steps below to enable BitLocker in Server OS
Download a 30-day free trial and try it out for yourself!
For more information on the new Endpoint Security suite products including BitLocker Management, refer here.