If the domain controller is not reachable or if the domain admin access permissions do not allow recovery key information to be updated in the domain controller, then the recovery key cannot be stored there.
Yes, as per the current policy flow, BitLocker will encrypt the drives even if a domain controller sync does not occur.
Yes, the Central Server manages all recovery passwords.
If the encryption settings in the new BitLocker policy are different from the existing encryption settings of the machine, the newly deployed policy will be enforced.
BitLocker will only enforce encryption status changes to the machines to which a BitLocker policy is applied.
The configurations in the most recently associated policy will be applied to the machine.
The agent will initiate BitLocker processes during its refresh cycle, and the execution (time taken for the operation to complete, speed of the operation, etc.) will depend on the individual machine.
No, only the OS versions below Windows 10 would require a restart.
No, BitLocker can be enabled and policies can be deployed at any time.
It is advised to configure a scheduled database (DB) backup that is stored in a safe path. The steps to configure the DB backup can be found here. Once that's done, the recovery keys of the drives can be found from the backed-up DB files.
The current status of each machine will be updated during the refresh cycle. On-demand status can be obtained for a computer separately as well by navigating to Insights > Managed Systems >
Note: Agent-server communication is important for the data to be updated on time. If there is any interruption or temporary delay, then you might not see the updated data.
Possible reasons include:
You can contact support for assistance if you are encountering these issues.
BitLocker supports Windows 7 and above.