Frequently Asked Questions (FAQ)

BitLocker Policy Creation

What happens to machines under a policy when the policy is modified?
What happens when the TPM is not detected in a machine due to some hardware failure?
What happens when you delete a policy?
What happens when multiple policies are deployed to the same endpoint?
What happens when a new BitLocker encryption policy is applied to machines which are already encrypted?
I have encrypted my machines using startup keys or network unlock (separate from BitLocker). What will happen once I install the BitLocker management agent?
What happens when a machine is removed from a Custom group, or if the machine no longer meets the criteria of the Dynamic CG?
What happens to the encrypted data drives when the "Encrypt OS Drive Only" option is selected?
How does changing the "Encryption Settings" of a deployed policy affect its functionality?
How are the drives fully encrypted without deploying the policy?
What are the criteria for setting a password or PIN?

BitLocker Policy Association & Deployment

When will the BitLocker encryption/decryption process begin?
Is there any active period for deployment/starting BitLocker?
What happens when the drive is in suspend protection state?
What is the outcome when a policy is applied to data drives that have already been manually protected?
Is a system restart required for BitLocker encryption to take effect?
Is it okay to have both Group Policy configuration and BitLocker policy applied together?

BitLocker Pre-requisites

What versions of Windows does BitLocker support?
Why are the portable drives not getting encrypted?

BitLocker Audit & Reports

How can I find the current BitLocker status for each machine?
Why is my machine not listed under managed systems or included in the BitLocker report?
Why is the encryption status shown as "Partially Encrypted"?
Why is the protection status disabled for fully encrypted drives?

BitLocker Recovery Key

Why is the recovery key not synced in the domain controller even though the option to update in the domain controller is enabled?
Will BitLocker encrypt the managed machines in my domain even if the recovery key information is not synced in the domain controller?
Does the Central Server manage the recovery passwords of computers that are encrypted by software other than BitLocker management?
How do I retrieve the Recovery Key in the event of any hardware malfunctions within the server?
What happens if the Active Directory (AD) is unreachable when ManageEngine BitLocker attempts to update the Recovery Key?
Why is the recovery key for the encrypted data drive inaccessible, while the key for the encrypted OS drive is visible?