Manage BitLocker settings on Windows devices

Each Microsoft BitLocker configuration available in KACE Cloud Library can be associated with one or more managed Microsoft Windows devices. MS BitLocker allows you to encrypt one or more drives, to secure your data and prevent unauthorized use.

You can apply each BitLocker configuration from the Library to one or more MS Windows drives, or alternatively use policies to associate BitLocker configurations with specific Windows drives.

To apply BitLocker settings to managed devices:

  1. To apply a BitLocker configuration to one or more Windows devices using the Devices tab:
    1. Select the Devices tab in top navigation.
    2. Select one or more Windows devices in the list.
    3. In the right panel, click Security.
    4. In the Security area that appears, under Windows, click Set Configuration.
    5. In the Encryption Configuration Library view that appears, select the newly created BitLocker configuration, and click Apply to Device.

    For more information about working with devices using the Devices tab, see Managing devices.

  2. Optional. Verify BitLocker settings on a managed Windows device:
    1. Log in to the managed Windows device.
    2. In Control Panel, go to BitLocker Drive Encryption.
    3. On the BitLocker Drive Encryption page, review the settings associated with Operating System, Fixed, and Removable Drives. If BitLocker is enabled, this is indicated in each applicable section.

      NOTE: Windows administrators can choose to turn off BitLocker, as needed. This is default Windows behaviour.

  3. To apply this BitLocker configuration to one or more devices using policies:
    1. Select the Policies tab in top navigation.
    2. Complete one of the following steps:
      • To create a policy, click Add New.
      • To edit an existing policy, click an individual policy to open the policy details.
    3. In the Applies Tosection, select one or more labels associated with target devices. For more details about labels, see Using labels to group similar items.
    4. In the right pane, in the Resources tab, click Add Resources to open the drop-down list, and then click Security to open a dialog.
    5. Slide the Link toggle to link/unlink a newly created BitLocker configuration.
      • To link the BitLocker configuration to policy, slide the Link toggle to right. The color of the toggle changes to green indicating the resource is linked.
      • To unlink a previously linked BitLocker configuration, slide the Link toggle to left. The color of the toggle changes to red indicating the resource is unlinked.
    6. (Optional) In the Options column, click the icon to open Resource Options dialog. Select one of the following Compliance Type:
      1. Include - Select this option to include the resource when determining the compliance status.

        NOTE: By default, all the Resources in a policy are included in compliance checks.

      2. Exclude - Select this option to exclude the Resource when determining the compliance status.
    7. Click Add Resources to associate the BitLocker configuration to the policy. You can view the resource in the Resources pane.
    8. Click Push Resource to deploy the added BitLocker configuration to the target devices or users.
      For more information about policies, see Using policies to manage device configurations.