This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 53%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Greetings,
Pre-Windows 8.1 days, if you enabled the FIPS compliance GPO, you weren't allowed to create and back-up the recovery password to AD by design due to security reasons or something along those lines.
Anyway, that was apparently addressed with Windows 8.1 and onward. However, what I haven't been able to confirm is would it now be OK to back up the BitLocker recovery passwords to AD and still be FIPS 140-2 compliant regarding BitLocker?
I haven't been able to find a clear answer on that. Thanks for your time.
Hi,
Just checking in to see if the information provided was helpful.
If the reply helped you, please remember to mark it as an answer.
If no, please reply and tell us the current situation in order to provide further help.
Hi,
"Microsoft validates cryptographic modules on a representative sample of hardware configurations running Windows 10 and Windows Server. It is common industry practice to accept this FIPS 140-2 validation when an environment uses hardware, which is similar to the samples used for the validation process."
More information please refer to the following article:
https://learn.microsoft.com/en-us/windows/security/threat-protection/fips-140-validation
https://learn.microsoft.com/en-us/microsoft-365/compliance/offering-fips-140-2?view=o365-worldwide
Hope above information can help you.