I had a problem recently where I encountered a prompt for missing BitLocker keys, but I never installed it. BitLocker allows encryption on your hard drive so no one can access the data. Encryption on Mac hard drives is enabled by default. Microsoft's license agreement with PC manufacturers is that systems must ship with BitLocker DISABLED. Microsoft's ultimate plan is to enable it and have an encryption key.
How does Microsoft enable BitLocker encryption when it is disabled by default?
The new computer setup asks if you want to set up a Microsoft account. Most people choose yes by default. This enables features like OneDrive, Find my PC, and other online features. They neglect to mention that they enable BitLocker.
Great, where do I find my missing BitLocker keys?
It depends. I know that the keys for a business account that the individual manages can be found in Windows settings.
You are then redirected to a website… https://myaccount.microsoft.com/device-list
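Before looking a key up, it helps to know whether a drive is actually encrypted and which recovery key ID belongs to it. The following PowerShell is an added example, not part of the original post. It uses the built-in `Get-BitLockerVolume` cmdlet and must run elevated. The report fields and note wording are this example's own, and it deliberately prints only key IDs, never the 48-digit recovery passwords.

```powershell
#Requires -RunAsAdministrator
# Added example: report BitLocker state per volume and list recovery key IDs.
# The recovery passwords themselves are intentionally not printed.

$report = foreach ($vol in Get-BitLockerVolume) {
    # Only RecoveryPassword protectors carry the 48-digit recovery key.
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    $encrypted = $vol.VolumeStatus -ne 'FullyDecrypted'

    # Classify the volume so the risky states stand out.
    $note = if (-not $encrypted) {
        'Not encrypted'
    } elseif ($vol.ProtectionStatus -eq 'Off') {
        'Encrypted, but protection is off (suspended or not yet activated)'
    } elseif ($recovery.Count -eq 0) {
        'Protected, but no recovery password protector exists'
    } else {
        'Protected: confirm each key ID below is stored in your account'
    }

    [pscustomobject]@{
        MountPoint     = $vol.MountPoint
        VolumeStatus   = $vol.VolumeStatus
        Protection     = $vol.ProtectionStatus
        PercentDone    = $vol.EncryptionPercentage
        Protectors     = ($vol.KeyProtector.KeyProtectorType -join ', ')
        RecoveryKeyIds = ($recovery.KeyProtectorId -join ', ')
        Note           = $note
    }
}

$report | Format-List
```

Match the `RecoveryKeyIds` value against the key ID shown on the recovery prompt and in the device list to pick the right key.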
What if I manage Bitlocker through Intune?
BitLocker is configurable in two different locations.
- Endpoint Management > Devices > Platform Types (This will enforce a policy based on OS platform and is applicable if a device meets the compliance policy)
- Endpoint Management > Endpoint Security > Disk Encryption (This will enforce BitLocker without a compliance policy)
I think we should configure BitLocker via the 2nd option instead of the 1st one. The current documentation is for the 1st option. In most cases, it fails to apply. We will discuss this in our Intune call. I have this in my notes.
What if I don’t have a Business account?
Check out this video