Introducing BitLocker To Go Support

Today a quick blog on another feature that some of my customers have been asking for:

VMware Workspace ONE UEM release 2105 introduced and extension of the current BitLocker management capabilities: support for BitLocker To Go.

‘BitLocker To Go’ is BitLocker Drive Encryption on removable data drives, like USB flash drives, SD cards and External hard disk drives.

The cool thing about this support is that it makes management a whole lot easier and more fool-proof. When you enable BitLocker with just the native Windows 10 options, you are personally responsible for the backup of your encryption key. This can be painful because it’s very easy to lose track of your backup.

What WS1 UEM does is twofold: it reduced the 10-step wizard to just 1-step: please choose a password.
And secondly it creates a recovery key in the WS1 UM database, so any WS1 UEM admin can help customers recover their encrypted USB thumb drive.

To get started, just select the Enable BitLocker To Go Support check box in your encryption policy. Find the encryption profile in the console at Devices > Profiles & Resources > Profiles:

When you enable support, users are prompted for a password, encryption happens and Workspace ONE UEM escrows the recovery key for the drive:

Once encryption is started, the removable drive is read-only until the encryption process is finished:

Users enter this password every time they access the removable drive on their devices:

The status of the encrypted removable drive is shown in Windows:

If users forget their passwords, you can recover the drives using the recovery key stored in the console at Devices > Profiles & Resources > List View > Removable Storage tab. If you see a large list of recovery IDs, use the available filter functions to find the exact key you need.