One Sign On
You think BitLocker can only do single sign-on, so you should look at third-party options? You need to think again! This comprehensive session features Erdal Ozkaya (MVP and Ph.D. IT Security) and Milad Aslaner (Program Manager at Microsoft), who have teamed up to discuss common myths and to provide information about BitLocker, pre-boot authentication attack mitigations, and how to secure BitLocker SSO.
Erdal
BitLocker
BitLocker Drive Encryption integrates with the operating system and addresses the threats of data theft and exposure from lost, stolen or improperly decommissioned computers.
BitLocker offers the best protection when used in conjunction with a Trusted Platform Module (TPM) version 1.2 or later. The TPM is a hardware component that computer manufacturers install in many computers. BitLocker works in conjunction with the TPM to protect user data and to ensure that a computer has not been tampered with while it was offline.
BitLocker can still be used to encrypt the Windows operating-system drive on computers without a TPM version 1.2 or later. In that case, the user needs to insert a USB startup key to start the computer or resume from hibernation. Starting with Windows 8, you can also use an operating-system volume password to protect the operating-system volume on a computer that is not protected by a TPM. Neither option provides the pre-startup system integrity validation that BitLocker offers with a TPM.
BitLocker also lets you lock the normal startup process until the user provides a personal identification number (PIN) or inserts a removable device, such as a USB flash drive, that contains a startup key. These security measures add multifactor authentication and ensure that the computer does not start or resume from hibernation without the correct startup key or PIN.
Practical applications
Data on a computer that has been lost or stolen can be accessed by anyone who runs a software-attack tool against the computer or transfers its hard drive to another computer. BitLocker enhances file and system protections to prevent this unauthorized data access. BitLocker also helps to make data inaccessible when BitLocker-protected computers are decommissioned or recycled.
You can also use the Remote Server Administration Tools to manage BitLocker.
New and improved functionality
Find out what’s new in BitLocker for Windows, such as support for the XTS-AES encryption algorithm, by visiting the BitLocker section of “What’s New in Windows 10.”
System requirements
BitLocker has the following hardware requirements:
BitLocker can use the system integrity checks provided by a Trusted Platform Module (TPM) only if the computer has TPM 1.2 or higher. To enable BitLocker with these integrity checks, your computer must have a TPM.
A computer equipped with a TPM must also have Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware. The BIOS or UEFI firmware establishes a chain of trust for the pre-operating system startup, and it must support the TCG-specified static root of trust measurement. TCG-compliant firmware is not required for a computer that does not have a TPM.
The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support the USB mass-storage device class. This includes reading small files from a USB flash drive in the pre-operating system environment.
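The following is an added example, not part of the original post or of Microsoft's documentation: a PowerShell check of the operating-system volume against the TPM requirement and the protector options described above. It uses the built-in Get-Tpm, Get-CimInstance (Win32_Tpm) and Get-BitLockerVolume cmdlets; the function name Get-ProtectorFinding and the wording of its findings are assumptions made for this example.

```powershell
# Added example: audit the OS volume against the options described on this page.
# Run in an elevated PowerShell session on the machine being checked.

function Get-ProtectorFinding {
    # Hypothetical helper: maps BitLocker key protector type names to a finding.
    param([string[]]$ProtectorTypes)

    $tpmBacked = @($ProtectorTypes | Where-Object { $_ -like 'Tpm*' })
    $preBoot   = @($ProtectorTypes |
        Where-Object { $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey' })

    if ($preBoot.Count -gt 0) {
        return 'TPM plus PIN and/or startup key: integrity validation and pre-boot authentication'
    }
    if ($tpmBacked.Count -gt 0) {
        return 'TPM only: integrity validation, but no PIN or startup key at boot'
    }
    # Without a TPM protector, ExternalKey is the USB startup key and
    # Password is the operating-system volume password (Windows 8 and later).
    if ($ProtectorTypes -contains 'ExternalKey' -or $ProtectorTypes -contains 'Password') {
        return 'USB startup key or password without TPM: no pre-startup integrity validation'
    }
    return 'No startup protector found on this volume'
}

$tpm  = Get-Tpm
$spec = $null
if ($tpm.TpmPresent) {
    # SpecVersion is a string such as "2.0, 0, 1.38"; the first field is the TPM version.
    $wmi  = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm
    $spec = [version](($wmi.SpecVersion -split ',')[0].Trim())
}

$vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types = @($vol.KeyProtector | Where-Object { $_ } |
    ForEach-Object { $_.KeyProtectorType.ToString() })

[pscustomobject]@{
    TpmPresent       = $tpm.TpmPresent
    TpmReady         = $tpm.TpmReady
    TpmSpecVersion   = $spec
    MeetsTpm12       = ($null -ne $spec -and $spec -ge [version]'1.2')
    ProtectionStatus = $vol.ProtectionStatus
    EncryptionMethod = $vol.EncryptionMethod   # e.g. XtsAes128 on newer Windows 10 builds
    KeyProtectors    = $types -join ', '
    Finding          = Get-ProtectorFinding -ProtectorTypes $types
} | Format-List
```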