none
Suspend bitlocker behaviour RRS feed

  • Question

  • Hi what expected behavior of BitLocker if I set it to "always" in computer agent client configuration?

    I set it to "Never" like captured below because I saw that the computers I sent a notification to restart didn't resume Bitlocker Protection automatically.


    Cherif Benammar

    Tuesday, March 17, 2020 12:31 PM

Answers

  • That's expected. It should resume after a single reboot but only if you set it to Always. As noted, setting it to Never as you've noted has no functionality.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, March 17, 2020 1:56 PM

All replies

  • If you set it to Always, then no PIN will be required when the system is restarted by ConfigMgr.

    If you set it to Never, then there is no functionality to this setting.

    See https://docs.microsoft.com/en-us/configmgr/core/clients/deploy/about-client-settings#suspend-bitlocker-pin-entry-on-restart


    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, March 17, 2020 1:24 PM
  • The command line to disable bitlocker can decide how many restarts after which bitlocker will be resumed, it seems that configmgr doesn't set any number for that, isit expected or a bug?

    Cherif Benammar

    Tuesday, March 17, 2020 1:52 PM
  • That's expected. It should resume after a single reboot but only if you set it to Always. As noted, setting it to Never as you've noted has no functionality.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, March 17, 2020 1:56 PM
  • It should resume after one restart, as expected. What I saw here that it doesn't resume. on 400 clients, that's why I set it to "Never".

    Cherif Benammar

    Tuesday, March 17, 2020 2:06 PM
  • Have you examined the BitLocker event log for more information?

    You may need to open a support case if you are not seeing the expected behavior.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, March 17, 2020 2:27 PM
  • Thus, the answer is that "configmgr suspends BitLocker for only one restart".

    Cherif Benammar

    Tuesday, March 17, 2020 2:31 PM
  • Correct.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, March 17, 2020 2:33 PM
  • Hi,

    Thank you all for clarifying the issue. It may help others who have similar issue.  Here's a short summary for the problem.

    Problem/Symptom:
    ===================
    What expected behavior of BitLocker if we set it to "Always"/"Never" in computer agent client configuration?

    Conclusion:
    ===================
    Configmgr suspends BitLocker for only one restart if we set it to Always.
    There is no functionality to this setting if we set it to Never.

    Thanks again for your time.

    Best regards,
    Simon

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, March 18, 2020 2:47 AM