Microsoft BitLocker: five things you need to know

Deploying Microsoft BitLocker on Windows 10? Read this before you start

Microsoft BitLocker is often seen as the perfect encryption method to support the security credentials of Microsoft’s operating system.

For enterprises of all sizes that are dominated by the Windows operating system, Microsoft’s BitLocker is a logical first step to encrypt user devices. It’s a good encryption solution. But BitLocker won’t address every device being used across every platform in today’s flexible work environments. You still need a solution to manage, monitor and protect your BitLocker deployment.


Microsoft BitLocker is one of many encryption solutions that IT pros should consider as part of their device or drive encryption approach. It goes without saying that Microsoft BitLocker does not extend beyond Windows devices, so naturally companies need to consider it alongside other encryption options. Given the ongoing prevalence of multiple operating systems within enterprise computing, it’s necessary to create a truly comprehensive strategy for securing all devices before deploying Microsoft BitLocker – to fully realize the benefits of FDE on all platforms.

Feature comparison: SES BitLocker Management and MBAM

Columns: With SecureDoc Pre-boot | With BitLocker Pre-boot | BitLocker

Pre-Boot Authentication

     
Unique user authentication at pre-boot
Pre-Boot network user authentication (AD)
Multifactor authentication (tokens, smartcards, biometrics)
Secure network auto unlock
Offline self-help password recovery option
Challenge and response password recovery
Customizable Pre-Boot Screen

Windows Security Features

     
Single sign-on
Password Synchronization
Policy driven Removable Media encryption with key management
Policy driven File and Folder encryption with key management
Challenge and response password recovery for removable media encryption
Port Control

Auditing and Reporting

     
Client pre-boot login auditing
BitLocker Recovery key access auditing

Installation and Deployment

     
Single location to configure BitLocker policies (No need to configure GPO)
Automatic TPM Provisioning
Ability to secure and manage operating systems that do not support BitLocker
Supports Self-Encrypting Drives (TCG Opal drives)
Supports Self-Encrypting Drives (E-Drive)
Supports importing of standalone BitLocker enabled machines into centralized management
Silent deployment with no user interaction
 
