Taking Control of Unmanaged BitLocker Devices

You can do a takeover of BitLocker-encrypted devices that are not managed by Endpoint Security, and make them centrally managed. You can do this using BitLocker Management or Check Point Full Disk Encryption.
  1. Define and install a Full Disk Encryption policy with BitLocker Management.

    Follow these guidelines:

    • Define a Full Disk Encryption rule that applies to the entire organization or only to the entities that need BitLocker Management.

    • In BitLocker Encryption Settings, select Windows Default as the Encryption Algorithm. This is important because it leaves the existing BitLocker encryption in place. Selecting another algorithm explicitly may result in a re-encryption, if the existing algorithm does not match the algorithm in the policy. It is a good idea to avoid re-encryption because it can take a long time. The time it takes depends on the disk size, disk speed and PC hardware.

  2. Follow the procedure for To take control of unmanaged BitLocker devices using BitLocker Management:.
  3. After the devices are under Check Point BitLocker Management, define a rule with Check Point Full Disk Encryption that applies to the Entire Organization or only to the entities that need Check Point Full Disk Encryption.
When you change the encryption policy for clients from BitLocker Management to Check Point Full Disk Encryption, the disk on the client is decrypted and then encrypted. This causes the disk to be in an unencrypted state for some time during the process. We recommend that you do not change the encryption policy for entire organization in one operation. Make the change for one group of users at a time.