Role of BitLocker Drive Encryption in Device Migration.

Garima Das 1,061 Reputation points
2024-06-03T13:06:33.67+00:00

Hi Team,

I have a device that is hybrid-joined and co-managed. The system drives are encrypted using BitLocker and the recovery key is stored in Entra. The device is being migrated from one domain to another using a third-party tool called ForensIT User Profile Wizard. The Device migration software doesn't specify anything regarding interacting with the Drives that are encrypted.

How should we deal with the BitLocker encrypted drives during migration? Any suggestion is appreciated.

Thanks.

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,924 questions
Microsoft Intune Security
Microsoft Intune Security
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
428 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,170 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Rahul Jindal [MVP] 10,196 Reputation points MVP
    2024-06-03T21:33:25.4166667+00:00

    Using 3rd party migration tools are not supported by Microsoft in this kind of scenarios. If you want the supported method, then a device reset\re-image is the recommended way. Maybe use this as an opportunity to go Entra ID join only.

    0 comments No comments

  2. Wesley Li 9,900 Reputation points
    2024-06-11T07:00:13.01+00:00

    Hello

    By saying "Migrating", do you mean copy the disk device to another disk?

    I am afraid this is not a offcial support scenario.

    Unsupported Scenarios

    The following scenarios are not supported:

    • On all versions of Windows, to reconfigure an existing installation of Windows that has already been deployed is not supported. Sysprep must be used only to configure new installations of Windows. You can run Sysprep an unlimited number of times to build and configure your installation of Windows.
    • Moving or copying a Windows image to a different PC without generalizing the PC is not supported.

    Sysprep (System Preparation) Overview | Microsoft Learn

    To ensure the data safety, we may try to decrypt the bitlocker driver. At least, we need to backup the important data before we take any actions.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.