BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. It provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later (2.0) as at the time of writing this guide. The TPM is a hardware component installed in many newer computers by device manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline. Kindly refer to these related guides: How to clear, enable or disable TPM in Windows via the BIOS or UEFI, MBAM reports cannot be accessed because it could not load folder contents, BitLocker Drive Encryption architecture and implementation types on Windows,
On computers that do not have a TPM version 1.2 or later, you can still use BitLocker to encrypt the Windows operating system drive. However, this implementation will require the user to insert a USB startup key to start the computer or resume hibernation. Starting with Windows 8, you can use an operating system volume password to protect the operating system volume on a computer without TPM. Both option do not provide the pre-startup system integrity verification offered by BitLocker with a TPM.
Here are some relevant guides: How to enable or disable BitLocker Drive Encryption on Windows 10 and Virtual Machines, how to clear the TPM via the management console or Windows Defender Center App, and MBAM reports automatic E-mail notification: How to create MBAM Enterprise and Compliance, and Recovery Audit reports.
In addition to the TPM, BitLocker offers the option to lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable device, such as a USB flash drive, that contains a startup key. These additional security measures provide multifactor authentication and assurance that the computer will not start or resume from hibernation until the correct PIN or startup key is presented. You may also want to seethis guides: “Implemented MBAM? Here is how to hide the Default BitLocker Drive Encryption item in the Windows Control Panel, and how to fix missing BitLocker Recovery Tab in Active Directory Users and Computers.
Unlock a fixed drive protected by BitLocker via the Control Panel
As we can see below, the drive is currently encrypted and locked. In order to make the drive usable again, you will need to unlock it using its recovery key. Kindly refer to these related guides on BitLocker Keys recovery: How to backup existing and new BitLocker recovery keys to Active Directory using a simple script, and how to delegate control for Bitlocker recovery keys in Active Directory.
Since the drive we wish to decrypt is locked, will have to right-click on the drive and then select the ‘Unlock Drive’ to unlock it.
Most times, these Recovery keys are saved to a USB, Active Directory, or the MBAM, etc just as you have configured it for your environment.
– Then, enter the password and click “Unlock” to unlock the drive. This 48-character recovery password will decrypt the drives, granting access to the volume.
If this device was to be procted by MBAM, you can get this key via the MBAM helpdesk, database, or selfservice recovery portal!
As you can see below, the Drive is unlocked and can be used as you wish. I highly recommend you to take a look at these guides: Disable BitLocker (MBAM): How to correctly disable Microsoft BitLocker Administration and Monitoring encrypted devices, and how to deploy Microsoft BitLocker Administration and Monitoring Tool.
Unlock a fixed drive protected by BitLocker via the Command Prompt
Could you also unlock a BitLocker drive from an elevated Command Prompt? All that is needed from you is to type this command and press Enter.
manage-bde -unlock d: -passwordWhen prompted, type the BitLocker password for this drive and hit Enter. It will unlock your drive immediately.
I hope you found this blog post helpful. Please let me know in the comment session if you have any questions.