This article explains BitLocker Drive Encryption, a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
- BitLocker uses a special chip on the motherboard called a Trusted Platform Module (TPM). The TPM is designed to release the encryption key only after confirming that the bootloader has not been modified. When the protected system runs inside local virtualization, the TPM is no longer accessible, so locking the drives again with BitLocker requires adjusting the Group Policy settings. This is also the partner's responsibility.
- Partners who run local virtualization with BitLocker should know that Microsoft does not officially support BitLocker on partitioned virtual disks, although VMware has a reference article.
- The Datto solution backs up the data in its current encryption state: if it is backed up decrypted, it is restored decrypted. For this reason, Datto recommends using encrypted agents as an added layer of security.
- Because BitLocker operates at the software / operating system layer, Datto can only restore the layers that were already configured by the user. Datto is in no way responsible for the user losing their BitLocker keys / passphrases.
- Upon restore, BitLocker's state will be the same as when it was backed up: if it was unlocked at backup time, it will be unlocked upon restore and potentially vulnerable. This is why Datto recommends using encrypted agents when protecting machines with BitLocker.
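As an added example (not from the Datto article), the following PowerShell check can be run on a restored machine to confirm the two points above: it reports each volume's BitLocker state and protector types, flags volumes that came back unlocked, and warns when a TPM-bound volume has no usable TPM, which is the case the Group Policy change is meant to address. It assumes the BitLocker and TrustedPlatformModule modules that ship with Windows and the standard FVE policy registry path.

```powershell
# Added example: post-restore BitLocker state check. Run in an elevated
# PowerShell session on the restored Windows machine (physical or virtual).

# 1. Is a usable TPM present? Inside a virtualized restore it usually is not.
$tpmPresent = $false
try {
    $tpm = Get-Tpm -ErrorAction Stop
    $tpmPresent = [bool]($tpm.TpmPresent -and $tpm.TpmReady)
} catch {
    Write-Warning "TPM query failed; treating the TPM as unavailable."
}

# 2. Has the "Require additional authentication at startup" policy been set to
#    allow BitLocker without a compatible TPM? (HKLM\SOFTWARE\Policies\Microsoft\FVE)
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$noTpmAllowed = ($fve.UseAdvancedStartup -eq 1) -and ($fve.EnableBDEWithNoTPM -eq 1)
Write-Output ("TPM usable: {0}; policy allows BitLocker without TPM: {1}" -f $tpmPresent, $noTpmAllowed)

# 3. Walk every BitLocker-capable volume and report what the restore brought back.
foreach ($vol in Get-BitLockerVolume) {
    $types   = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
    $usesTpm = [bool]($types -match '^Tpm')   # Tpm, TpmPin, TpmStartupKey, TpmPinStartupKey

    Write-Output ("{0} volume={1} protection={2} protectors=[{3}]" -f `
        $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus, ($types -join ','))

    # The backup captured the volume unlocked, so it was restored unlocked.
    if ($vol.ProtectionStatus -eq 'Off') {
        Write-Warning "$($vol.MountPoint): BitLocker protection is OFF after restore; data is readable as-is."
    }

    # A TPM-sealed key cannot be released without the original TPM; re-enabling
    # BitLocker here needs a non-TPM protector (password / startup key) plus the policy above.
    if ($usesTpm -and -not $tpmPresent) {
        Write-Warning "$($vol.MountPoint): TPM-bound protector but no usable TPM (policy permits no-TPM: $noTpmAllowed)."
    }
}
```

The script only reads state and writes nothing; changing protectors or policy remains a deliberate follow-up step by the partner.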