BitLocker-based Device Encryption and Azure Active Directory

Now in Windows 10, Device Encryption can automatically encrypt devices that are joined to an Azure AD domain.

Jan De Clercq

September 4, 2015


Q: Can I use BitLocker-based Device Encryption for Windows computer accounts that are joined to an off-premise Azure Active Directory (AD)?

A: Yes, this is possible starting with Windows 10. Device Encryption can now automatically encrypt devices that are joined to an Azure AD domain. Also, when the device is encrypted, the BitLocker recovery key will be automatically stored in the Azure AD instance.

Microsoft introduced BitLocker-based Device Encryption in Windows 8.1 and Windows Server 2012 R2. It protects the OS drive and any fixed data drives on the system using 128-bit AES-based BitLocker encryption. To support Device Encryption, the system must support Connected Standby and meet the Windows Hardware Certification Kit (HCK) requirements for TPM and Secure Boot on Connected Standby systems. See the following URL for more information on Connected Standby: https://msdn.microsoft.com/en-us/library/windows/hardware/dn481238(v=vs.85).aspx.
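The answer above says the recovery key is escrowed to Azure AD automatically; an administrator will still want to confirm that it actually happened before relying on it. The following script is an added example, not from the original column or from Microsoft, and assumes an elevated PowerShell session on the Windows 10 device itself, the built-in BitLocker module, and a Windows 10 build that ships the BackupToAAD-BitLockerKeyProtector cmdlet.

```powershell
# Added example (not from the original article): verify that BitLocker Device
# Encryption is active on the OS drive of an Azure AD joined Windows 10 device
# and that its recovery password protector has been escrowed to Azure AD.
# Assumes: elevated PowerShell on the device, BitLocker module present.

$ErrorActionPreference = 'Stop'

# 1. Confirm the device is Azure AD joined; dsregcmd prints "AzureAdJoined : YES".
$joinState = dsregcmd /status
$aadJoined = [bool]($joinState | Select-String -Pattern 'AzureAdJoined\s*:\s*YES' -Quiet)
if (-not $aadJoined) {
    Write-Warning 'Device is not Azure AD joined; recovery keys cannot be escrowed to Azure AD.'
}

# 2. Inspect the OS volume. ProtectionStatus is 'On' only once encryption has
#    finished and the key protectors are enabled.
$osDrive = $env:SystemDrive
$vol = Get-BitLockerVolume -MountPoint $osDrive
[pscustomobject]@{
    MountPoint       = $vol.MountPoint
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    EncryptionMethod = $vol.EncryptionMethod   # e.g. Aes128 or XtsAes128
    Protectors       = ($vol.KeyProtector.KeyProtectorType -join ', ')
} | Format-List

# 3. Each recovery password protector should be present in Azure AD. If the
#    automatic escrow did not happen (for example the drive was encrypted before
#    the device was joined), BackupToAAD-BitLockerKeyProtector performs it.
$recoveryProtectors = $vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
if (-not $recoveryProtectors) {
    Write-Warning "$osDrive has no recovery password protector; add one with Add-BitLockerKeyProtector -RecoveryPasswordProtector."
}
foreach ($kp in $recoveryProtectors) {
    if ($aadJoined) {
        BackupToAAD-BitLockerKeyProtector -MountPoint $osDrive -KeyProtectorId $kp.KeyProtectorId
        Write-Output "Escrowed recovery protector $($kp.KeyProtectorId) for $osDrive to Azure AD."
    }
}
```

The escrowed key can then be confirmed from the device's entry in the Azure AD portal; the same loop can be extended to fixed data drives by iterating over every volume returned by Get-BitLockerVolume.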
