BitLocker Management

BitLocker Management in Zecurit

BitLocker Management in Zecurit gives IT administrators centralized control over BitLocker drive encryption across all Windows endpoints, without requiring manual configuration on each device. From a single console, you can create encryption policies, configure authentication methods, manage recovery keys, and generate compliance reports at scale.

This section of the help documentation covers everything you need to know about setting up and managing BitLocker through Zecurit, from initial prerequisites to ongoing compliance monitoring.

What You Can Do with BitLocker Management

Zecurit’s BitLocker Management module enables you to enforce full-disk encryption across your entire Windows device fleet from one place. You can define separate encryption policies for different device groups or departments, configure how BitLocker authenticates on machines with and without TPM chips, and ensure recovery keys are automatically backed up for every managed device.

The module is built into Zecurit’s Configuration Profiles system. Once you create a BitLocker policy profile and publish it, the Zecurit agent on each enrolled device applies the settings automatically during the next check-in, with no user action or manual IT intervention required.

Key Capabilities

Zecurit BitLocker Management supports the following core capabilities:

Drive Encryption control with a single on/off toggle that applies to all enrolled Windows endpoints in the assigned device group.

Authentication Type configuration for both TPM-equipped and non-TPM devices. For TPM devices, you can choose TPM only, TPM + PIN, or TPM + Enhanced PIN. For devices without TPM, you can require a passphrase or opt for no encryption.

Password Settings that control whether users can postpone the encryption password request and for how many days, or whether the system enforces encryption immediately.

Encryption Options that let you choose between encrypting only the OS drive, encrypting only used disk space, or applying full-drive encryption. You can also select the encryption algorithm (AES-128, AES-256, XTS-AES, or Default).

Recovery Key Management with automatic backup to your Active Directory domain controller and configurable key rotation periods to ensure recovery keys remain fresh and secure.

How BitLocker Policies Are Applied

BitLocker settings in Zecurit are defined inside a Configuration Profile. When you create a new profile, you select BitLocker as one of the policy modules, configure your settings, and then publish the profile. Profiles are then assigned to specific device groups or individual devices.

Once assigned, the Zecurit agent on each device checks in and applies the policy. Encryption begins automatically in the background without interrupting the user’s session, depending on your password enforcement settings.
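
To confirm on an endpoint that a published policy has taken effect, a local check with Windows' built-in BitLocker cmdlets can compare the OS volume against the settings you chose. This is an added example, not Zecurit's code or agent; the function name Test-BitLockerBaseline and the expected values (XTS-AES 256, TPM + PIN) are assumptions to replace with your own policy.

```powershell
# Added example: local audit with Windows' built-in BitLocker module (run elevated).
# Test-BitLockerBaseline is a hypothetical helper; the defaults are assumed policy values.
function Test-BitLockerBaseline {
    param(
        [Parameter(Mandatory)] $Volume,                  # one object from Get-BitLockerVolume
        [string[]] $AllowedMethods    = @('XtsAes256'),  # assumed policy: XTS-AES 256
        [string[]] $AllowedProtectors = @('TpmPin')      # assumed policy: TPM + PIN
    )

    # Collect the key protector types present on the volume as plain strings.
    $types = @($Volume.KeyProtector | Where-Object { $_ } |
               ForEach-Object { "$($_.KeyProtectorType)" })
    $findings = @()

    # Protection is reported Off while encryption is still running or suspended,
    # so include the volume status and percentage for context.
    if ("$($Volume.ProtectionStatus)" -ne 'On') {
        $findings += "protection is not on (status $($Volume.VolumeStatus), $($Volume.EncryptionPercentage)%)"
    }
    if ("$($Volume.EncryptionMethod)" -notin $AllowedMethods) {
        $findings += "encryption method is $($Volume.EncryptionMethod)"
    }
    if (-not ($types | Where-Object { $_ -in $AllowedProtectors })) {
        $findings += "no allowed authentication protector (found: $($types -join ', '))"
    }
    # Without a recovery password protector there is no recovery key to back up.
    if ('RecoveryPassword' -notin $types) {
        $findings += 'no recovery password protector'
    }

    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        Compliant  = ($findings.Count -eq 0)
        Findings   = $findings -join '; '
    }
}

# Check the operating system volume on this machine.
Get-BitLockerVolume |
    Where-Object { $_.VolumeType -eq 'OperatingSystem' } |
    ForEach-Object { Test-BitLockerBaseline -Volume $_ } |
    Format-List
```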

In This Section

This documentation section is organized into the following pages to help you get the most out of Zecurit BitLocker Management:

Guide to BitLocker Compliance: Understand the regulatory frameworks that require encryption and how Zecurit helps you meet them.

Create BitLocker Policy: Step-by-step instructions for configuring a BitLocker profile in Zecurit.

Policy Association & Deployment: How to assign and deploy a BitLocker profile to your device groups.

Encryption Pre-Requisites: Hardware, OS, and account requirements before enabling BitLocker policies.

Audit & Reports: How to view encryption status, generate compliance reports, and monitor TPM health.

Recovery Key: How to view, retrieve, and manage BitLocker recovery keys in Zecurit.

Role Based Access Control: Control which team members can create policies, view recovery keys, and generate reports.

How it Works: A technical overview of how Zecurit delivers BitLocker policies to endpoints.

FAQ: Answers to common questions about BitLocker Management in Zecurit.
