Data Loading...

BITLOCKER EXPO Flipbook PDF

BITLOCKER EXPO

105 Views
73 Downloads
FLIP PDF 653.54KB

DOWNLOAD FLIP

REPORT DMCA

BitLocker Drive Encryption DATA PROTECTION FEATURE

Brainer Mendoza | BitLocker

What is BitLocker? • BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker is a hardware-enhanced security feature which enhances data protection by uniting two major sub-functions: · ·

Full drive encryption Integrity checking of early boot components (secure startup)

Brainer Mendoza | BitLocker

On computers that do not have a TPM version 1.2 or later, you can still use BitLocker to encrypt the Windows operating system drive. However, this implementation will require the user to insert a USB startup key to start the computer or resume from hibernation.

Brainer Mendoza | BitLocker

BitLocker: How to Enable KB0025173

Step 1: Click Start, type Control Panel, and then click Control Panel Step 2: System and Security, and then click BitLocker Drive Encryption. Step 3: On the BitLocker Drive Encryption dialog box, under Operating system drive, click Turn on BitLocker. Step 4: On the Choose how to unlock your drive at startup dialog box, click Let BitLocker automatically unlock my drive (recommended). Important: Depending on the policy, you may or may not see this dialog box. If you do not, proceed to step 5. Step 5: On the How do you want to back up your recovery key? dialog box, click Save to your cloud domain account (recommended for AAD and Workplace-joined devices). Note: If you do not see an option to save to your cloud domain account please ensure that your device is AD, AAD, or Workplace Joined before proceeding.

Brainer Mendoza | BitLocker

BitLocker: How to Enable KB0025173

Step 6: On the Choose how much of your drive to encrypt dialog box, chose one of the options, and then click Next. Note: We recommend that you choose the Encrypt used disk space only option for fast encryption. There is no risk of data loss. Step 7: On the Choose which encryption mode to use dialog box, chose an encryption mode, and then click Next. Note: We recommend you choose New encryption mode (best for fixed drives on this device) unless the drive is a removable drive. Step 8: In the Are you ready to encrypt this drive click Continue. Step 9: If you are prompted to restart your computer, save your work and then click Restart now.

Brainer Mendoza | BitLocker

What is BitLocker recovery key? Your BitLocker recovery key is a unique 48-digit numerical password that can be used to unlock your system if BitLocker is otherwise unable to confirm for certain that the attempt to access the system drive is authorized. Why is Windows asking for my BitLocker recovery key? Windows will require a BitLocker recovery key when it detects an insecure condition that may be an unauthorized attempt to access the data. This extra step is a security precaution intended to keep your data safe and secure.

Brainer Mendoza | BitLocker

How to find my BitLocker recovery key? https://account.microsoft.com/devices/r ecoverykey?refd=support.microsoft.com

https://aka.ms/aadrecoverykey

Brainer Mendoza | BitLocker

BitLocker: Active Directory KB0024724

> Open Active Directory Users & Computers > Right-click the domain, then select Find… > In the search form, select Computers from the list and then select the domain the effected device is a member of. > Enter the computer name and click Find Now. > If the computer is found it will be displayed in a list. > Double-click to open the Computer’s property sheet. > Click the BitLocker Recovery tab to view keys that have been stored for this computer. > Find the key matching the Key Id provided by the caller.

• If your device is locked on the Bitlocker screen, you can use the Bitlocker recovery self service tool to get your Bitlocker Recovery Key.

To start, access self-service portal from another device.

Brainer Mendoza | BitLocker

Bitlocker Recovery Key Self Service tool

9

BitLocker: Password Recovery KB0024724 Domain Joined PC’s (Fareast, Europe, Redmond etc.)

Azure Active Directory (AAD) Domain Joined PC’s:

https://aka.ms/BL or https://aka.ms/BitLoc kerRecovery

https://aka.ms/AzureBitLockerRecovery

Brainer Mendoza | BitLocker

10

Brainer Mendoza | BitLocker

BitLocker Password Recovery

Please check with SME’s for Bitlocker Recovery Password requests and do not escalate such tickets to Windows T2

SME INSTRUCTIONS: If you are unable to find the recovery key in MBAM/AD, please follow BitLocker: Password Recovery BitLocker: Support parameters and escalation information KB0024726

Escalation Information: Primary Escalation Path: •Assignment group: Service Operations-Windows

Brainer Mendoza | BitLocker

Support Information Product Categorization: •Category: Application & Service •Sub Category: select appropriate •Configuration item: Microsoft BitLocker Administration and Monitoring Role/Component:

BitLocker: Support parameters and escalation information KB0024726

• • • • • •

Invalid Key No Secondary Machine\Mobile Not Aware of Self-Service Tool Recovery Not Found Settings User Not Valid

Brainer Mendoza | BitLocker

Helpdesk will request the following information:

BITLOCKER RECOVERY BY HELPDESK KB0024724

1.Confirmation of identity. Refer to the VERIFICATION PROCEDURE section below for policy. 2.Domain the machine is joined to. 3.Computer name (Drive Label) from BitLocker Password entry screen. 4.Password ID: first 8 characters from BitLocker password entry screen. VERIFICATION PROCEDURE: Applicable to the below account types: • FTE • Agency Temporary [a-] • Business Guest [b-] • International Contractor [i-] • Intern [t-] • Vendor [v-] • Seller [p-] Brainer Mendoza | BitLocker

IRM Mail: Subject:? BitLocker Recovery Password Request for Incident

Hello, You recently contacted the Helpdesk to request your BitLocker Recovery Password. It is < insert Recovery Password>. In the future, you have the options to attempt self-service recovery using https://aka.ms/BitLockerRecovery? Thank you,

BITLOCKER RECOVERY {Technician First Name, Last Initial} BY HELPDESK IT Global Helpdesk KB0024724 Regional Call Center phone numbers can be found at http://team/sites/phonelist/default.aspx For self-help assistance or to create an online Service Request, visit My Microsoft IT.

Brainer Mendoza | BitLocker

IRM Mail: Subject:? BitLocker Recovery Password Request for Incident ? Hello, ? has requested their BitLocker Recovery Password. It is . Please provide < client name> with this password. In the future, you have the options to attempt self-service recovery using https://aka.ms/BitLockerRecovery.

BITLOCKER RECOVERY Thank you, BY HELPDESK {Technician First Name, Last Initial} KB0024724 IT Global Helpdesk

Regional Call Center phone numbers can be found at http://team/sites/phonelist/default.aspx For self-help assistance or to create an online Service Request, visit My Microsoft IT. Brainer Mendoza | BitLocker

Voicemail : Delivery of the recovery password via voice mail should be a last resort.

Phone numbers must be retrieved from the GAL or Active Directory. The Recovery Password should be left on the client’s Microsoft voice mail. The voice mail greeting must include their first and last name; however, it is not required for the company name to be mentioned. If they do not have their first and last name recorded, it is acceptable to give them the opportunity to rerecord their voice mail to comply with the security policy. Once updated and verified, the recovery password can be left on the voice mail. Clients may not request the recovery password be left on an alternate phone BITLOCKER RECOVERY number such as a cell phone or home phone. A voice mail message containing a BY HELPDESK password must NOT be left on any non-Microsoft voice mail system. KB0024724 The password can be left on the voice mail of the following as verified in the GAL or Active Directory: 1.Client’s manager or sponsor 2.Client’s manager’s manager (up to but not including the General Manager (GM))

Brainer Mendoza | BitLocker

Brainer Mendoza | BitLocker

Resources BitLocker (Windows 10) - Microsoft 365 Security | Microsoft Docs FAQ: BitLocker Information (microsoft.com) BitLocker Recovery (microsoft.com) End User Services - BitLocker: Password Recovery | ServiceNow (service-now.com) Self-service - BitLocker: Recovering your Bitlocker Recovery Key | ServiceNow (servicenow.com) End User Services - BitLocker: Support parameters and escalation information | ServiceNow (service-now.com) BitLocker recovery guide (Windows 10) - Microsoft 365 Security | Microsoft Docs Self-service - Windows: How to Join-Unjoin to or from AAD Domain | ServiceNow (servicenow.com)

Brainer Mendoza | BitLocker

Thank You ! Brainer Mendoza | BitLocker

Made with

by