Microsoft BitLocker Reviews

We've been using BitLocker to secure our user systems.

One significant aspect is that without the BitLocker key, you can't log in to the user's laptop. I appreciate the capability to encrypt the user's hard drive, ensuring access only with the recovery key. In an enterprise setup, we store all BitLocker keys on our server. 

So, whenever a user attempts to log in, the architecture authenticates with the key. This ensures that our data is secure. Even if the user's laptop is lost, we have confidence that the data remains inaccessible. So far, our user data is well-protected.

For improvement, as it is now, I do not have any support from anyone. There should be a web interface to manage BitLocker. But for now, all I do is just install a new product on the user's machine and create it. 

I would like to be able to see everything that is happening, even if it is just through a web interface. I would also like to be able to see how many users are provisioned, which users are using BitLocker, and how to disable or enable it.  That's what I would like to see.

I've been using this solution for over seven years.

We're utilizing BitLocker, albeit an older version, to secure our user systems.

I've used it for the last seven years, and it's been reasonably stable. As long as Active Directory is up and running, then BitLocker is also fine for us.

It is very scalable. There are about 150 to 200 users using this in our company.

We plan to increase the further usage. The more mobile devices and laptops we buy, the more licenses we require for those users.

With newer versions of Windows,  the initial setup has become better. It was a challenge with Windows 8 because you needed to first put the TPM in a certain mode and things like that. Where Windows 10 or Windows 11, once we enable BitLocker, it could be straightforward. So, there's been a lot of improvements in that.

We have the expertise in-house, so we do it ourselves. The deployment is straightforward. You just go to one of your Active Directory components and enable BitLocker.

Enabling it on the server to allow users to come back to it, install the TPM on the user system, and then create the team and share it with the user. That's all. So it's straightforward. One of the most common times to add a system is when it's locked out on a user's machine. It takes us about 10 minutes then.

We require around two admins and technicians for the deployment and maintenance of the solution.

I have seen a return on investment because it's ensured that even when laptops are stolen, the users' data is protected because it's encrypted.

For the version that comes on the machine, you don't need a license. But you may need a license for support. We need to license users on the individual virtual system.

Although, the license should be part of the product.

I would highly recommend it. Even personal users should enable it. I encourage them to print out a copy of their recovery key and keep it somewhere safe.

Overall, I would rate the solution an eight out of ten. 

Whole Disk Encryption is great. BitLocker runs seamlessly during boot up. I also liked that it did not conflict with Windows, most likely since it was created by the makers of Windows, Microsoft.

BitLocker provides the common person with great security to guard against most threats consisting of efforts by unauthorized people who try to gain access to the computer by not allowing it to boot up absent a password.

There are options which could be implemented to make it a little more like PGP Whole Disk Encryption, but given the fact BitLocker is readily available, and has no known conflicts, I think it is a great product to secure against unauthorized access.

I have used and recommended BitLocker to people in the corporate and high net wealth arena.

Despite some bad press and conspiracy theories, I trust the product, but do recommend using a secondary effort such as encrypting a partition of the drive. This is helpful in the event BitLocker is compromised; using PGP with a different password (at least 20 characters; do not use words, of course).

We have not encountered any stability issues. I have heard some computers using other whole disk encryption solutions can freeze up at times; I have not heard of such with BitLocker.

We have not encountered any scalability issues.

I have never needed to use customer service; however, corporate customer care at Microsoft is great at resolving issues.

I like the domestic support team; have yet to have an issue with them.

We did not previously use a different solution.

The initial setup was straightforward; very simple to install and modify from 128-bit to 256-bit encryption, 256-bit being the government standard for "Top Secret" information.

I did not use a vendor team to implement it.

We use the solution to secure endpoints.

Microsoft BitLocker's most valuable feature is endpoint encryption, and it's quite easy to manage. Microsoft BitLocker's data protection is the most useful for mobile endpoints like laptops.

The management of the product could be made a little easier.

I have been using Microsoft BitLocker for 5-6 years.

I rate the solution ten out of ten for stability.

Around 50 users are using the solution in our organization.

I rate the solution’s scalability ten out of ten.

We didn't pay for additional licenses since the solution is built into Windows.

Before choosing Microsoft BitLocker, we evaluated Trend Micro.

I use the latest version of Microsoft BitLocker. We didn't have any specific incidents where we needed to use the solution's recovery process. However, if there's a problem unlocking devices, it's pretty simple to manage.

The solution is not complicated to manage. Microsoft BitLocker is transparent to end users, and they are unaware of its existence. It doesn't impact their performance in a measurable way, and we don't have any problems with it.

Microsoft BitLocker is a very useful tool for managing endpoints, especially mobile ones, and ensuring that data is not leaked. The solution's drives are integrated into the mobile workstation. We require one person as a backup to maintain the solution, which is not time-consuming. It just takes a few hours every month. I would recommend the solution to other users.

Overall, I rate Microsoft BitLocker ten out of ten.

We use Microsoft BitLocker to encrypt employee devices for data protection.

The platform provides good performance.

The deployment process regarding prerequisites and automation could be easy to understand. It could be more transparent. Documentation should be more accessible and simplified, particularly directed towards small organizations, making it understandable for smaller setups.

A centralized management console with a web interface or dashboard for an implementation overview could exist.

We have 20 Microsoft BitLocker users in our organization. I want to deploy it on as many systems as possible for clients or users.

I refer to the support's knowledge base to resolve any issues.

The initial setup must be easy, but I couldn't understand the process. Some devices can automatically activate it. However, the documentation makes it seem like a complicated project to deploy. I would like to understand clearly how it works.

We work with an external IT service provider for the deployment.

The product's cost is included in Windows.

I recommend Microsoft BitLocker. It protects our endpoints and company data and helps secure the infrastructure. In case of suspicious activity, our data remains inaccessible.

However, they should also explore other easier options for IT professionals to understand. I rate the platform a six out of ten.

We use it for encrypting data and storage for the most part. We keep it up to date in terms of the version.

It basically brings us in compliance. We are required to encrypt the handling of data, the transmission of the data, and storage of the data. So, when people are working with the data, and they download it to the laptops, we can safely say it is encrypted at that point to meet our requirements. It is pretty transparent to the end-user since the encryption is done without them really doing it.

Our need was to protect our portable devices. So, our thumb drives get automatically encrypted. Any attached storage gets automatically encrypted for our laptops in case they get lost or stolen when people travel.

I liked the way it works with our Microsoft tools. As we roll out Intune, we can validate if the device has been encrypted, and if not, we can push it down. It is pretty simple to deploy. 

Their interoperability with our tools, which are the Microsoft tool, can be improved. It needs to be geared towards more of the wraparound of the zero trust. There are solutions we're looking at that do encryption plus X, Y, and Z. So, we're looking at the ability to wrap around the product with other features.

The biggest one for us is revoking access. So, even though someone downloads something to a device, we want the ability to cloak that device or data and bring it back or make that data unusable for that person. Currently, BitLocker doesn't give us that ability. It basically encrypts it. We're seeing if identity management or IAM allows us to do that. We're kind of looking at third-party software that does that for us.

Usually, Microsoft sees what other third-party companies do and then either adopts it or buys the third-party company, and that's kind of what we're looking into. That's our need. It'd be a lot better if it was all under one mirror or one window, instead of having a couple of different vendors working on it. So, if Microsoft could solve that, it would be awesome. They should look at the third-party enhancements that people are doing, and then take the encryption a step further by adding those features to BitLocker. Microsoft has different components. They have identity management, but is it tied to encryption? BitLocker is mostly tied to devices, but it would be best for me if I get a piece of data and I am able to encrypt it all the way through using BitLocker. Currently, BitLocker is basically tied at the device level instead of the data level.

I would just like them to look at what other people are doing in terms of encryption as a whole and offer the encryption not only tied to the device, but also to the file level. They should add features on that in terms of access control and reporting. We should be able to see who has access to it and who has touched a file. So, we're going towards the zero trust model and the zero trust reporting. It is a "We don't trust anybody" type of deal. So, it is not just the device, it is the data. They should try to wrap it around the data at the file level and not at the device level.

I have been using this solution for about three years.

So far, so good. We haven't had too many problems with managing the keys or anything else. Probably the only concern is that we manage it. Individuals are not doing it themselves. The other thing is as we take over companies or merge companies, or the other way around, we have to make sure that we get those keys to the kingdom per se. So, we always got to look out for that as well.

So far, so good. Mostly, anything we deal with Microsoft is pretty scalable. Again, it is kind of tied to devices, but you can essentially manage it, which makes it simple.

In terms of its usage, we force it on everybody, so it is non-binding. No matter who you are in a company, if you have a managed device, it is going to be encrypted. It is a requirement, so it is being used extensively. Its usage will increase as the number of employees increase.

I don't think we've had many issues with them. We push it through our SolarWinds product, so for most of the issues we've had, we probably had to deal with SolarWind's side to make sure that everything was pushed correctly. We didn't go to the Microsoft side. Our software vendor might have dealt with Microsoft directly but not us.

The only solutions that we've had in place were standalone encrypted thumb drives. We had not rolled out BitLocker until then, so we had a need to encrypt thumb drives. We had bought Aegis thumb drives that came encrypted. After we got the encryption rolled out, when someone connected a thumb drive, it was automatically encrypted, or they couldn't store data on it. Once we went to that method, we didn't purchase any more Aegis encrypted thumb drives.

We have it on-prem, and we have a couple of devices in the cloud, but we are a hybrid environment. Our main thing was to get it on our traveling laptops and protect them. We push it through another vendor, not Microsoft. We push it through another SolarWinds vendor, and then we push it down. The only thing that we've had problems with was that the encryption level wasn't as high as we needed it by default. So, we had to do some tweaking to get the correct encryption level that we wanted. It is all default. So, you have to be aware of how you deploy it. If you deploy it one way, it doesn't really fully encrypt the machine.

It took days only because it was a slow rollout. It was intentionally a slow rollout. It didn't take long to do it, but we just wanted to make sure it was done right and correctly.

We just implemented it in-house. In terms of maintenance, it is a small staff. We rely on our software to help us with the patching and everything. We have reports that kickback to us. If for some reason, encryption was turned off or encryption wasn't deployed correctly, we'd get reports sent to us. So, a lot of stuff is automated in terms of monitoring the compliance to encryptions, and our response to that is pretty fast. We just manage it with our current staff. We don't have anybody directly tied to just doing that.

I don't know the costs. In terms of Microsoft licensing, we are at E3 on the business, and we're in the process of pricing out and moving to E5. So, a lot of this is included within our licensing agreements.

If you don't implement this, you have to implement something else. You have to have some type of encryption. In the past, people wanted a layered approach to security. They wanted to have different vendors, and they wanted it to be able to have that overlap of vendor support on security, but the reality is that everybody looks to Microsoft. If you look at the SolarWind attack, who do they go to help resolve it? They went straight to Microsoft. Therefore, we're getting away from that thought process of divide and conquer. We're just trying to align everything up with a single pane of glass so that we can build on our Microsoft tools. In the past, we would have resisted being tied to one security.

I can't rate it any lower than eight out of 10. The only reason why I don't rate it a 10 is that they can do more with it. It is good at what it does, but it needs to do more. It is never going to get a 10 from me because it is never going to be perfect, but there is more to do. 

We use Microsoft BitLocker for hard drive encryption.

The product helps us to encrypt local devices. It allows us to protect devices against theft and unauthorized access.

Microsoft BitLocker's most valuable features are stability and simplicity in terms of usage.

They could improve cloud integration regarding attribute and encryption key management.

We have been using Microsoft BitLocker for five years. At present, we use its latest on-premises version.

I rate the product’s stability a ten out of ten.

We have Microsoft BitLocker installed on 5000 devices in our organization.

We have an in-house technical support team.

We attempted to use some other products before. But only Microsoft BitLocker proved suitable for our business requirements.

We deploy the product in the client’s environment using group policy configuration. It takes a week to complete the process.

We already use Microsoft products, and Microsoft BitLocker is an add-on product that is free of cost for us.

I rate Microsoft BitLocker a nine out of ten.

We use the solution for laptops assigned to sales in case it’s lost or stolen.

The solution is included in Windows 11.

The product must improve the centralization of keys. BitLocker is not perfect. Sometimes, we have problems when Windows tries to start. It shows that the key is not available.

I am using the solution currently.

It is a stable solution.

We check the Microsoft forum to resolve issues.

The initial setup is not complex.

We can activate the product at no cost. We're just taking advantage of what is included in Windows.

We have individual files when IT support prepares the computers. We have the information to replace an SSD or increase the size. We need to remove BitLocker, change the drive, put it back, and encrypt it again with BitLocker. We can check the way the encryption is used because it is centralized. It is good to test the features and centralize the encryption. Overall, I rate the tool an eight or nine out of ten.

The primary use case of this solution is to encrypt all of our laptops. If they are ever lost then they are useless to anybody, unless they have the key. 

Our keys are stored in our Active Directory, making it impossible for anyone to decrypt what we have in our devices.

The most valuable feature is the simplicity and integration with the Microsoft Clouds platform. I can store the keys to the devices kept in my Active Directory in Microsoft Azure.

In the next generation, it could have a higher level of encryption.

I would like to be able to encrypt our cloud tenancy.

I would like to have the ability to encrypt a cloud-based server with BitLocker.

I have been using this solution for six months.

The stability is fine. It has no impact on performance or negligible impact on performance. No one notices.

The scalability is essentially unlimited.

We have 60 users who are everyone from the CEO to the standard line worker.

Everyone in our organization is encrypted with BitLocker, in addition to all of our devices. 

All of our laptops, PCs, and all of our interactive devices are encrypted with BitLocker.

I have contacted Microsoft technical support for other issues and they are very responsive and very quick to follow up. 

Solutions are not always there, but I find Microsoft support reasonable.

I haven't needed technical support for BitLocker.

There was no other solution in place. We deployed BitLocker because it fits within our strategy for the environment that we were building, which is a no-infrastructure infrastructure.

The initial setup was very simple.

We expected that the devices had to encrypt themselves once we initiated BitLocker.

Deploying them and having the encryption run only took a few days to implement. This was all being done in the background and no one was impacted while they worked.

We only need one staff member for deployment and no one for maintenance, as it is auto-updating from the Microsoft Cloud.

We implemented this solution internally. 

The cost of this solution is bundled in with part of the subscription for the Microsoft Cloud. 

We have users subscribed to Enterprise E5 and it comes with E5.

We researched a few websites for comparative encryption, but we didn't want to introduce another vendor. BitLocker satisfied all of the criteria that we had. We don't need any military-grade or any military level or anything beyond those capabilities.

We have no infrastructure. Everything we have, our entire infrastructure, has moved and it's in the Microsoft Azure cloud.

This solution does everything that we need it to do. It is very convenient and it fits into our strategy of having everything in a homogeneous Microsoft Cloud. 

It is difficult to rate anything a ten as there may be future bugs or features that may be introduced, or if someone can discover how to hack it. At this time, we feel very safe and very covered with the encryption levels that we have with BitLocker.

I would rate this solution an eight out of ten.