BitLocker is a security feature in Windows that helps prevent unauthorized access to data by encrypting the entire system drive or selected drives on the computer. While an enabled BitLocker can be disabled locally through the Windows Command Prompt, the Control Panel, or Powershell, Miradore offers several different ways to remotely disable BitLocker, making it easy to manage authorized access to a Windows device. In addition, Miradore stores the recovery key on the device page so that administrators can retrieve it effortlessly.
Requirements
- Miradore Premium or Premium+ subscription
- Miradore-enrolled Windows device
- Miradore Client version 1.3.2 or newer installed on the Windows device
- Trusted Platform Module (TPM) chip installed in the Windows device
The following table shows the Windows versions and editions with which BitLocker can be used:
| Windows version |
Pro |
Enterprise |
Ultimate |
Education |
Home |
| Windows 10 and Windows 11 | - | - | |||
| Windows 8.1 | - | - | - | ||
| Windows 7 | - | - | - |
Disable BitLocker for a single Windows device in Miradore
To turn off BitLocker for Windows devices one by one, you can remove the configuration profile used to enable BitLocker.
Note: You can only disable BitLocker by removing the configuration profile if BitLocker was enabled through a configuration profile.
- Navigate to Management > Devices.
- Open the Device page of the Windows device for which you want to turn off BitLocker and select the Deployments tab.
- Find the configuration profile that was deployed to enable BitLocker under Configuration profiles and use the
icon to remove the configuration profile.
Disable BitLocker for multiple Windows devices in Miradore
To turn off BitLocker for several devices at once, you can use the Devices page in Miradore.
Note: You can only disable BitLocker by removing the configuration profile if BitLocker was enabled through a configuration profile.
- Navigate to Management > Devices.
- Select the devices for which you want to disable BitLocker using the checkboxes.
- Select Deploy > Remove configuration profile. The Remove configuration profile wizard opens.
- Select the configuration profile that was deployed to enable BitLocker in the list of configuration profiles using the checkbox and select Next.
- Confirm the configuration profile removal by selecting Remove.
Disable BitLocker if it was not enabled through a configuration profile via Miradore
If BitLocker wasn't turned on by deploying a configuration profile on the device through Miradore, you can use a script to disable it and run it on the device straight from Miradore.
- Navigate to Management > Applications.
- Select Add and choose Windows application.
- Select Advanced (no media) and select Next.
- Enter the following details for the command:
- Description (optional)
- Application name (required)
- Command type (required)
- CMD script (required)
- Success return codes (required)
- Required free disk space (MB) (optional)
Example script application details for disabling BitLocker You may use the following CMD script:
manage-bde -off C:.
- Select Create, then Close.
- Deploy the application to the device(s).
Remove BitLocker using the recovery key
The BitLocker recovery key can be used to unlock an encrypted drive directly on the computer. If Miradore was used to enable BitLocker on a device, the recovery key is stored on the device page's Inventory tab. For detailed information on the BitLocker recovery key and how to find it in Miradore, see Finding the BitLocker recovery key.
Previous Article:
« Wipe a Windows device
Next Article:
Disable BitLocker on Windows »