BitLocker is a disk encryption feature for Windows devices. Encryption is a way to protect your system against unauthorized access and keep your data safe and secure.
This article describes how you can remotely enable BitLocker drive encryption for your Windows devices with Miradore.
You can choose to encrypt only the C: drive or all fixed drives. The same encryption method must be used to encrypt all drives on a computer.
- Premium Plan of Miradore
- Windows device must be enrolled to Miradore and have a Miradore Client version 1.3.2 or newer installed
- The device must have a TPM (Trusted Platform Module) chip
- Supported Windows versions and editions are described in the table below
|Windows versions supporting BitLocker
|Windows 10 and Windows 11||-||-|
How to enable Bitlocker in Four Steps
1. Go to Management > Configuration profiles and click the blue Add button.
2. Choose Windows > BitLocker and configure encryption settings.
Pay attention to the Windows version and drive type (fixed, removable) when choosing the encryption method. More information about the encryption methods is provided on the field tooltip.
Click Next to finalize the profile creation.
3. Navigate to Management > Devices page and use the checkboxes to select devices.
4. Click Deploy > Configuration profile to start the distribution wizard.
Notice that you cannot deploy the configuration to devices that are managed only through the built-in MDM profile.
Encryption may take some hours depending on the drive size. You can monitor the encryption status from the Windows dashboard widgets or from the Security table on the Device page.
How to disable BitLocker?
Turn off BitLocker drive encryption simply by removing the deployed configuration profile from the device(s).
You can remove configuration profiles from a single device easily from the Device page.
For multiple devices, you can use the Deploy > Remove configuration profile button which can be found on the Devices page.
Automate with business policies
You can also create a business policy that deploys a BitLocker configuration profile automatically to all devices having a certain tag.
For more information, read How to create a business policy.