BitLocker and TPM

BitLocker TPM requirements – your quick guide

BitLocker TPM

A requirement for BitLocker, TPM version 1.2 or higher will protect against any hardware or firmware tampering and is fairly universal nowadays. BitLocker now offers five primary authentication methods.

BitLocker TPM + PIN

The Microsoft recommended option requires users to log in twice – once at BitLocker pre-boot and again at Windows. Windows credentials and BitLocker credentials aren’t linked, so this option is secure, but not exactly user friendly, because there is no option for Single Sign-On (SSO).

BitLocker TPM + Network key

This option BitLocker TPM option allows Network Unlock, but requirements for a WDS server, UEFI and a wired network connection make it complex and not viable in many IT environments.

BitLocker TPM-only

The most widely used option in our interactions with customers, this requires no user interaction whatsoever, but even Microsoft warns that it "offers the lowest level of data protection” and “can be affected by potential weaknesses in hardware".

BitLocker TPM + Startup Key

This option requires users to carry a USB device containing the same encryption key – creating potential security and usability concerns.

Startup Key only

Like the option above, Startup Key only requires a USB device containing the same encryption key.

So how can IT administrators ensure high-grade security with flexible, agile use? The answer is WinMagic’s SecureDoc On Top (SDOT) for BitLocker, combining productivity and security for the ultimate enterprise solution.

To find out how it could benefit your enterprise, just read on...