Take a look at the article I posted above. it explains the purpose of enabling preboot authentication (pin). For what it’s worth, this is exactly what happens when you enable filevault on a modern Mac as well. They are encrypted from the factory, but turning on file vault enables a preboot screen. I often find myself having this argument with other IT people that work in less secure environments. I think if you (anyone reading this that doesn’t understand why a pin is necessary. ) take a look at the article then it will make more sense.
Detect Machines that have the same bitlocker startup pin set
jaybird283
591
Reputation points
Is there any way to detect which machines in our environment have the same bitlocker startup pin set? Maybe something that could be done with a hash value (since i doubt the pin is in any human readable format). Basically i am just wanting to make sure that some PC deployment techs didn't go rogue and deploy a bunch of machines with the same pin.