BitLocker Encryption for Windows Clients

BitLocker encrypts the hard drives on a Windows computer, and is an integral part of Windows.

Check Point BitLocker uses the Endpoint Security Management Server, Client Agent and the Endpoint Security UI to manage BitLocker.

BitLocker Management is implemented as a Windows service component called Check Point BitLocker Management.

It runs on the client together with the Client Agent (the Device Agent).

Check Point BitLocker Management uses APIs provided by Microsoft Windows to control and manage BitLocker.

Configuration options:

Setting Description
Initial Encryption
  • Encrypt entire drive - Recommended for computers that are in production and already have user data, such as documents and emails.
  • Encrypt used disk space only - Encrypts only the data. Recommended for fresh Windows installations.
Drives to encrypt
  • All drives - Encrypt all drives and volumes.
  • OS drive only - Encrypt only the OS drive (usually, C:\). This is the default.
Encryption algorithm
  • Windows Default - This is recommended. On Windows 10 or later, unencrypted disks are encrypted with XTS-AES-128. On encrypted disks, the encryption algorithm is not changed.
  • XTS-AES-128
  • XTS-AES-256
Note: To take control of a BitLocker-encrypted device, the target device must have a Trusted Platform Module (TPM) installed.
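
To confirm on a client that the settings above took effect, the following added example (not Check Point code) audits local volumes with the built-in Windows cmdlets Get-BitLockerVolume and Get-Tpm. The parameter names $DrivesToEncrypt and $Algorithm are hypothetical and only mirror the options in the table; run it in an elevated PowerShell session.

```powershell
# Added example: audit local BitLocker state against the policy options above.
# $DrivesToEncrypt and $Algorithm are hypothetical names mirroring those options.
param(
    [ValidateSet('OSDriveOnly', 'AllDrives')]
    [string]$DrivesToEncrypt = 'OSDriveOnly',      # page default: OS drive only

    [ValidateSet('WindowsDefault', 'XtsAes128', 'XtsAes256')]
    [string]$Algorithm = 'WindowsDefault'          # page recommendation
)

# The note above requires a TPM on the target device.
$tpm = Get-Tpm
if (-not $tpm.TpmPresent) {
    Write-Warning 'No TPM detected on this device.'
}

# Select the volumes the policy is expected to cover.
$volumes = Get-BitLockerVolume
if ($DrivesToEncrypt -eq 'OSDriveOnly') {
    $volumes = $volumes | Where-Object { $_.VolumeType -eq 'OperatingSystem' }
}

$report = foreach ($v in $volumes) {
    $method = [string]$v.EncryptionMethod
    # "Windows Default" leaves the algorithm of already-encrypted disks unchanged,
    # so any method other than None is accepted for that option.
    $algorithmOk = if ($Algorithm -eq 'WindowsDefault') {
        $method -ne 'None'
    } else {
        $method -eq $Algorithm
    }
    [pscustomobject]@{
        MountPoint   = $v.MountPoint
        VolumeType   = $v.VolumeType
        VolumeStatus = $v.VolumeStatus             # informational
        Percentage   = $v.EncryptionPercentage     # informational
        Protection   = $v.ProtectionStatus
        Method       = $method
        TpmPresent   = $tpm.TpmPresent
        Compliant    = ($v.ProtectionStatus -eq 'On') -and $algorithmOk
    }
}

$report | Format-Table -AutoSize
# Non-zero exit code lets a management or monitoring job flag the client.
if ($report | Where-Object { -not $_.Compliant }) { exit 1 }
```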