BitLocker is a Microsoft security feature for encrypting all data on a computer's hard disks.
Miradore's initial installation feature supports BitLocker encryption. This means Miradore can be configured to enable encryption of the Windows operating system volume on managed devices during their initial installation.
At the moment, there isn't a ready-made package in Miradore for enabling BitLocker encryption after the initial installation. However, it is possible to use BitLocker tools to create an installation package that enables BitLocker drive encryption on a device that has already been installed. If you need such a package, please contact Miradore support for help.
BitLocker drive encryption can be enabled with Miradore initial installation for managed computers if the following requirements are met:
You are using Miradore Management Suite 4.3.0 or later.
You are using Windows Preinstallation Environment (WinPE) 4.0 or later for initial installations (it's recommended to use the ADK for Windows 10).
Target computer has a Trusted Platform Module (TPM) chip, which is enabled and active.
Target computer's operating system is one of the following: Microsoft Windows 7 Enterprise/Ultimate or Windows 8 (or later) Enterprise/Professional or Windows Server 2008 R2 (or later).
Also notice that when BitLocker is used, at least two partitions will be created on the target computer's system disk, because pre-startup authentication and system integrity verification must occur on a separate partition from the encrypted operating system drive.
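The TPM and edition requirements above can be checked on an existing Windows computer before it is reinstalled, and the same function can confirm the result afterwards. This is an added example, not Miradore code; the function name Get-BitLockerReadiness and the edition match on the OS caption are assumptions, and it expects an elevated PowerShell session on Windows 8 / Server 2012 or later.

```powershell
# Added example, not part of Miradore. Requires an elevated session and the
# built-in TrustedPlatformModule and BitLocker modules (Windows 8 / Server 2012+).
function Get-BitLockerReadiness {
    [CmdletBinding()]
    param(
        # Volume to inspect; defaults to the operating system volume.
        [string]$MountPoint = $env:SystemDrive
    )

    # Requirement: the TPM chip is present, enabled and active.
    $tpm   = Get-Tpm
    $tpmOk = [bool]($tpm.TpmPresent -and $tpm.TpmEnabled -and $tpm.TpmActivated)

    # Requirement: a BitLocker-capable edition. Matching on the caption is a
    # heuristic (assumption), e.g. "Microsoft Windows 10 Enterprise".
    $os        = Get-CimInstance -ClassName Win32_OperatingSystem
    $editionOk = $os.Caption -match 'Enterprise|Ultimate|Pro|Server'

    # Current BitLocker state of the volume. $vol stays $null when the
    # BitLocker feature is missing or the volume cannot be queried.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction SilentlyContinue
    $protectors = @()
    if ($vol) {
        # Only protector types are collected; recovery passwords are never emitted.
        $protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    }

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        OperatingSystem     = $os.Caption
        EditionSupported    = $editionOk
        TpmPresent          = [bool]$tpm.TpmPresent
        TpmEnabledAndActive = $tpmOk
        ReadyForBitLocker   = ($tpmOk -and $editionOk)
        VolumeStatus        = if ($vol) { $vol.VolumeStatus.ToString() } else { 'Unknown' }
        ProtectionStatus    = if ($vol) { $vol.ProtectionStatus.ToString() } else { 'Unknown' }
        HasTpmProtector     = $protectors -contains 'Tpm'
        HasRecoveryPassword = $protectors -contains 'RecoveryPassword'
    }
}

Get-BitLockerReadiness | Format-List
```

After an initial installation with BitLocker enabled, VolumeStatus should read FullyEncrypted (or EncryptionInProgress while the disk is still being encrypted) and ProtectionStatus should read On.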
Miradore's initial installation tool enables the BitLocker drive encryption for managed Windows computers according to the scope that has been defined in the system settings of Miradore Management Suite.
You can find settings for configuring the use of BitLocker from "System settings > Main > Installations management > Initial installations settings" in Miradore Management Suite. For field descriptions, please refer to System settings for installations management, or click the info icon in the user interface.
Miradore clients collect information about managed computers' TPM chip and BitLocker status. The gathered information can be browsed in the Computer - Logical disks view and the Computer - Summary view by selecting the desired columns to be shown. In addition, inventory information about the TPM chip and BitLocker is shown separately for each device on the Asset configuration item's hardware inventory tab. On the Asset configuration item, the information can be found in the "Logical disk" and "Trusted Platform Module" fields as depicted in the picture below.
Administrators, Editors, and Help desk operators have the required user permissions to open the highlighted fields for more information, such as the encryption recovery key. Miradore users in other roles also have permission to open those fields for details if they have write access to the asset configuration item at hand. Write access can be granted to Miradore users with custom item permissions.
Inventory information about BitLocker and the TPM chip is also available through the Miradore web service API and in the report builder.
See also
How to start the initial installation