BitLocker is an encryption feature for Windows devices. Encryption is a way to protect your system against unauthorized access and keep your data safe and secure.
This article describes how you can remotely enable BitLocker drive encryption for your Windows devices with Miradore.
You can choose to encrypt only the C: drive or all fixed drives. Same encryption method must be used to encrypt all drives on a computer.
Requirements
- Enterprise plan of Miradore
- Windows device must be enrolled to Miradore and have a Miradore Client version 1.3.2 or newer installed
- Device must have a TPM (Trusted Platform Module) chip
- Supported Windows versions and editions are described on the table below
Windows versions supporting BitLocker | Pro | Enterprise | Ultimate | Education | Home |
Windows 10 | – | – | |||
Windows 8.1 | – | – | – | ||
Windows 7 | – | – | – |
How to enable Bitlocker in Four Steps
1. Go to Management > Configuration profiles and click the blue Add button.
2. Choose Windows > BitLocker and configure encryption settings.
Pay attention to the Windows version and drive type (fixed, removable) when choosing the encryption method. More information about the encryption methods is provided on the field tooltip.
Click Next to finalize the profile creation.
3. Navigate to Management > Devices page and use the check boxes to select devices.
4. Click Deploy > Configuration profile to start the distribution wizard.
Notice that you cannot deploy the configuration to devices that are managed only through the built-in MDM profile.
Encryption may take some hours depending on the drive size. You can monitor the encryption status from the Windows dashboard widgets or from the Security table on the Device page.
Read more about viewing the BitLocker encryption status of your Windows computers in Miradore.
How to disable BitLocker?
Turn off BitLocker drive encryption simply by removing the deployed configuration profile from the device(s).
You can remove configuration profiles from a single device easily from the Device page.
For multiple devices, you can use the Deploy > Remove configuration profile button which can be found from the Devices page.
Automate with business policies
You can also create a business policy that deploys a BitLocker configuration profile automatically to all devices having a certain tag.
For more information, read How to create a business policy.
Previous Article:
« Collected Windows 10 Inventory
Next Article:
Viewing the Bitlocker Disk Encryption Status of Your Windows Computers »