New to BitLocker, Trying to implement in environment where only Company Computers can be used, not all computers on Network

Abram Kaufman 1 Reputation point
2021-02-02T00:33:40.693+00:00

I am new to BitLocker. I am being asked to implement it in a company with the following setup:

  1. Many computers are on premise connected to AD
  2. Some computers are on premise connected on a private network and can NEVER be connected to AD
  3. Some computers are off premise being used not connected to VPN
  4. All computers have Cylance Device Protection on them so even before a user can plug in a USB Device we would grant security in Cylance

Want to encrypt with BitLocker, but Flash Drives and External Hard Drives can only be used on Company Computers.

Seems like I could use a combination of SID Protector and Auto-Unlock or Password, but how do I enforce that Auto-Unlock or Password can only work on Company Computers?

Is there a more detailed implementation guide available on Auto-Unlock?

Windows 10 Security

1 answer

  1. Jenny Feng 14,081 Reputation points
    2021-02-02T06:31:09.573+00:00

    @Abram Kaufman
    Hi,
    You could refer to the guide below:
    https://4sysops.com/archives/unlock-bitlocker-encrypted-drives-with-auto-unlock-or-sid-protector/
    Read the article about the requirements of SID protector:
    https://www.experts-exchange.com/articles/25879/A-new-aspect-to-securing-USB-data-SID-protectors.html
    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
    Hope the above information can help you.
