Vault™ > BITLOCK: Planning and Deploying BitLocker Drive Encryption

Access to the Vault™ requires an active Microsoft Live Subscription.

Login Buy Subscription

BITLOCK: Planning and Deploying BitLocker Drive Encryption

By Mike Danseglio
2 Days
Live Class Recording
March 13, 2024
Course Description

This 2-day instructor-led BitLocker training course teaches you everything you need to know about BitLocker. This course includes hands-on labs. These labs reinforce and expand on the instructor-led portion by having you actually deploy and operate BitLocker. You’ll practice techniques for setting up a BitLocker-enabled environment, implementing BitLocker on multiple system configurations, and recovering BitLocker after the detection of a possible compromise.

Data security is an increasingly critical part of IT. More and more organizations require data encryption in order to meet regulatory security requirements. BitLocker Drive Encryption is a popular choice to meet these requirements. BitLocker is a highly effective and low-cost data encryption technology that’s built into Windows. But because of this strong protection, your organization must understand and carefully plan for BitLocker deployment to avoid data loss and system downtime.

Although the labs focus primarily on Windows 10 and Windows Server 2012, the class also applies to Windows 7, Windows 8, Windows Server 2008, and Windows Server 2016.

Course Outline

Understanding and Analyzing BitLocker

Analyzing BitLocker

  • Context and background
  • Understanding BitLocker
  • Understanding BitLocker to Go
  • Cryptography
  • Trusted Platform Module (TPM)

Understanding BitLocker

  • Pre-Boot Authentication
  • System Tamper Detection\
  • System Integrity Verification
  • Network Unlock
  • Encrypted Drive Support

BitLocker Architecture

  • BitLocker Initialization
  • BitLocker Operation
  • BitLocker Suspend and Resume
  • BitLocker to Go Architecture

 

Planning for BitLocker Deployment and Support

Planning BitLocker Deployment

  • Prerequisites
  • Examining Hardware Capabilities
  • Planning Configuration Options
  • Planning Recovery Options

IT Planning

  • Planning User Interaction Scenarios
  • Planning Recovery Key Access and Use
  • Planning BitLocker Deployment Through System Center Configuration Manager (SCCM)
  • Planning BitLocker Deployment Through Microsoft Deployment Toolkit (MDT)
  • Planning BitLocker Deployment Through Microsoft Baseline Administration and Monitoring (MBAM) and Microsoft Desktop Optimization Pack (MDOP)

User Planning

  • Identifying BitLocker Users and Devices
  • Educating BitLocker Users

 

Deploying BitLocker

Single Standalone Device

  • Configuring BitLocker Options
  • Enabling BitLocker
  • Encrypting the Drive
  • Verifying BitLocker Operation

Single Domain-Joined Device

  • Configuring BitLocker Options
  • Enabling BitLocker
  • Encrypting the Drive
  • Verifying BitLocker Operation

Multiple Devices

  • Deploying BitLocker Through Group Policy
  • Deploying BitLocker Through PowerShell
  • Deploying BitLocker Through SCCM, Altiris, and MBAM

 

Troubleshooting BitLocker Deployment and Operational Issues

Troubleshooting BitLocker

  • Normal BitLocker Use
  • Suspending and Resuming BitLocker
  • BitLocker Recovery Mode
  • Recovering BitLocker Devices
  • Preventing BitLocker Recovery Mode
  • Managing the Trusted Platform Module (TPM)
Course Content
Introduction
Introduction
Understanding and Analyzing BitLocker
Context and background
Cryptography
Trusted Platform Module
Understanding BitLocker
Bitlocker Architecture
Understanding Bitlocker To Go
Questions
Planning for BitLocker Deployment and Support
Prerequisites
Examine hardware capabilities
Planning configuration options
IT staff planning
User planning
Review
Day 1 review
Deploying BitLocker
Single Standalone Device
Single Standalone Device (Continuation after break)
Single Domain-Joined Device
Multiple Devices
Operating and Supporting BitLocker
Troubleshooting deployment issues
Bitlocker Recovery Mode
More Common Bitlocker Issues