Microsoft BitLocker Reviews

I am a solution provider in Congo and I propose products such as Microsoft BitLocker to my customers.

My clients use this solution to protect their data in cases where computers are stolen. In this region, theft of computers from companies is quite common and the data that is stored needs to be protected.

The most valuable feature is the TPM (Trusted Platform Module), which makes the PC security stronger because somebody who is not from the team cannot access the PC without the decryption PIN. If the hard drive is removed from the computer then the data is still encrypted, and even a USB key can be protected by using this solution. This makes my customers very happy.

This solution is not cost-effective and it is easy to implement.

It is very easy to deploy BitLocker on machines that are running Microsoft Windows Server 2012 because it can be done automatically.

It takes a very long time to encrypt a disk, so I think that speed is something that can be improved. It can take more than two hours to encrypt a disk with one terabyte of data. When my clients are working, they don't really like having to look at a progress bar to tell them that the disk is in the process of being encrypted. If the encryption was faster then it would make the experience more pleasant.

I would like to be able to secure the hard drives of virtual machines.

Securing data transfer such as email and the more general internet connection would be very good.

They should improve the hybrid-cloud security and protect the network instead of just securing the computers.

I have been working with Microsoft BitLocker for less than a year.

I have not heard any feedback from my clients with respect to stability.

This solution scales easily. The server is centralized and every computer that joins the domain is automatically inserted. Each one is automatically configured and synchronized.

My customers are generally small companies with less than one thousand employees, so it would not be very easy to test scalability beyond that.

I have not been in contact with technical support. Rather, I use the forum to get information. They have great documentation, as well.

My client was not using another solution prior to this one. I proposed three different products, but they chose BitLocker because it is free. IT is not well understood by the clients in my country, so we need to offer services and they have to be at a low cost. They most often prefer to use solutions that are free, or included with Microsoft Windows.

It is very easy to set up and deploy Microsoft BitLocker.

You have to set up the central server, and the configuration may take a day or two. After this, all of you have to do is go to every employee and then launch it, after they choose a personal PIN.

I had some technical issues with one of my deployments, but everything was working properly by the end of the first day. My issues arose because not all of the PCs had an updated version of Windows 10, so it took me some time to work out how to do the upgrades properly. It is important because TPM 2.0 is not supported in Legacy. 

That was the very odd part of the solution, and what we needed to do was to make sure that all of the PCs had the same type of Windows license. Once this was done properly, most of the PCs could be encrypted at the same time. It still required going to every PC though, because each needs to be given a PIN and configured. This was a disruption to some of the employees and it would be better if IT had total control, being able to do this from a central server and then simply notifying each user of their PIN. If there were one thousand employees then this would take a really long time.

We perform the deployment of Microsoft BitLocker for our customers. Because each PC has to be checked after the server is running, it is easier to have more than one person to do this. I normally take one or two of my colleagues to assist me with this.

This solution is included with Microsoft Server and my clients did not have to pay for anything extra.

I am somewhat familiar with other solutions such as those by McAfee, Digital Guardian, and Trend Micro Endpoint Encryption. However, I do not know these products as well as Microsoft BitLocker.

Once I obtain certification on some of these other solutions, I will propose them to my clients as well. Digital Guardian is something that I have been reading about lately, and it looks very good.

The encryption solution was not something that I was really informed about, but I decided to study it and then propose it to my customers.

I propose two different deployment models; the cloud and on-premises. The internet connection fees here are expensive, so many people prefer to deploy on-site.

My advice for anybody who is implementing this solution is to have a good idea of what they want to do, prepare for it, and go for it. It is not really complex, yet it is a very rich solution to deploy.

The biggest lesson that I have learned from using Microsoft BitLocker is that it can help a lot of people, but it is not very well known. People need to be familiarized with this solution through discussion. Engaging customers and proposing it to them will really help with the security of IT infrastructure in an enterprise. You can secure all of your data, the transfer of your data, and even USB keys.

This may not be the best solution, but it is easy to deploy and easy to grow.

I would rate this solution a seven out of ten.

We use Microsoft BitLocker to encrypt employee devices for data protection.

The platform provides good performance.

The deployment process regarding prerequisites and automation could be easy to understand. It could be more transparent. Documentation should be more accessible and simplified, particularly directed towards small organizations, making it understandable for smaller setups.

A centralized management console with a web interface or dashboard for an implementation overview could exist.

We have 20 Microsoft BitLocker users in our organization. I want to deploy it on as many systems as possible for clients or users.

I refer to the support's knowledge base to resolve any issues.

The initial setup must be easy, but I couldn't understand the process. Some devices can automatically activate it. However, the documentation makes it seem like a complicated project to deploy. I would like to understand clearly how it works.

We work with an external IT service provider for the deployment.

The product's cost is included in Windows.

I recommend Microsoft BitLocker. It protects our endpoints and company data and helps secure the infrastructure. In case of suspicious activity, our data remains inaccessible.

However, they should also explore other easier options for IT professionals to understand. I rate the platform a six out of ten.

We use it for encrypting data and storage for the most part. We keep it up to date in terms of the version.

It basically brings us in compliance. We are required to encrypt the handling of data, the transmission of the data, and storage of the data. So, when people are working with the data, and they download it to the laptops, we can safely say it is encrypted at that point to meet our requirements. It is pretty transparent to the end-user since the encryption is done without them really doing it.

Our need was to protect our portable devices. So, our thumb drives get automatically encrypted. Any attached storage gets automatically encrypted for our laptops in case they get lost or stolen when people travel.

I liked the way it works with our Microsoft tools. As we roll out Intune, we can validate if the device has been encrypted, and if not, we can push it down. It is pretty simple to deploy. 

Their interoperability with our tools, which are the Microsoft tool, can be improved. It needs to be geared towards more of the wraparound of the zero trust. There are solutions we're looking at that do encryption plus X, Y, and Z. So, we're looking at the ability to wrap around the product with other features.

The biggest one for us is revoking access. So, even though someone downloads something to a device, we want the ability to cloak that device or data and bring it back or make that data unusable for that person. Currently, BitLocker doesn't give us that ability. It basically encrypts it. We're seeing if identity management or IAM allows us to do that. We're kind of looking at third-party software that does that for us.

Usually, Microsoft sees what other third-party companies do and then either adopts it or buys the third-party company, and that's kind of what we're looking into. That's our need. It'd be a lot better if it was all under one mirror or one window, instead of having a couple of different vendors working on it. So, if Microsoft could solve that, it would be awesome. They should look at the third-party enhancements that people are doing, and then take the encryption a step further by adding those features to BitLocker. Microsoft has different components. They have identity management, but is it tied to encryption? BitLocker is mostly tied to devices, but it would be best for me if I get a piece of data and I am able to encrypt it all the way through using BitLocker. Currently, BitLocker is basically tied at the device level instead of the data level.

I would just like them to look at what other people are doing in terms of encryption as a whole and offer the encryption not only tied to the device, but also to the file level. They should add features on that in terms of access control and reporting. We should be able to see who has access to it and who has touched a file. So, we're going towards the zero trust model and the zero trust reporting. It is a "We don't trust anybody" type of deal. So, it is not just the device, it is the data. They should try to wrap it around the data at the file level and not at the device level.

I have been using this solution for about three years.

So far, so good. We haven't had too many problems with managing the keys or anything else. Probably the only concern is that we manage it. Individuals are not doing it themselves. The other thing is as we take over companies or merge companies, or the other way around, we have to make sure that we get those keys to the kingdom per se. So, we always got to look out for that as well.

So far, so good. Mostly, anything we deal with Microsoft is pretty scalable. Again, it is kind of tied to devices, but you can essentially manage it, which makes it simple.

In terms of its usage, we force it on everybody, so it is non-binding. No matter who you are in a company, if you have a managed device, it is going to be encrypted. It is a requirement, so it is being used extensively. Its usage will increase as the number of employees increase.

I don't think we've had many issues with them. We push it through our SolarWinds product, so for most of the issues we've had, we probably had to deal with SolarWind's side to make sure that everything was pushed correctly. We didn't go to the Microsoft side. Our software vendor might have dealt with Microsoft directly but not us.

The only solutions that we've had in place were standalone encrypted thumb drives. We had not rolled out BitLocker until then, so we had a need to encrypt thumb drives. We had bought Aegis thumb drives that came encrypted. After we got the encryption rolled out, when someone connected a thumb drive, it was automatically encrypted, or they couldn't store data on it. Once we went to that method, we didn't purchase any more Aegis encrypted thumb drives.

We have it on-prem, and we have a couple of devices in the cloud, but we are a hybrid environment. Our main thing was to get it on our traveling laptops and protect them. We push it through another vendor, not Microsoft. We push it through another SolarWinds vendor, and then we push it down. The only thing that we've had problems with was that the encryption level wasn't as high as we needed it by default. So, we had to do some tweaking to get the correct encryption level that we wanted. It is all default. So, you have to be aware of how you deploy it. If you deploy it one way, it doesn't really fully encrypt the machine.

It took days only because it was a slow rollout. It was intentionally a slow rollout. It didn't take long to do it, but we just wanted to make sure it was done right and correctly.

We just implemented it in-house. In terms of maintenance, it is a small staff. We rely on our software to help us with the patching and everything. We have reports that kickback to us. If for some reason, encryption was turned off or encryption wasn't deployed correctly, we'd get reports sent to us. So, a lot of stuff is automated in terms of monitoring the compliance to encryptions, and our response to that is pretty fast. We just manage it with our current staff. We don't have anybody directly tied to just doing that.

I don't know the costs. In terms of Microsoft licensing, we are at E3 on the business, and we're in the process of pricing out and moving to E5. So, a lot of this is included within our licensing agreements.

If you don't implement this, you have to implement something else. You have to have some type of encryption. In the past, people wanted a layered approach to security. They wanted to have different vendors, and they wanted it to be able to have that overlap of vendor support on security, but the reality is that everybody looks to Microsoft. If you look at the SolarWind attack, who do they go to help resolve it? They went straight to Microsoft. Therefore, we're getting away from that thought process of divide and conquer. We're just trying to align everything up with a single pane of glass so that we can build on our Microsoft tools. In the past, we would have resisted being tied to one security.

I can't rate it any lower than eight out of 10. The only reason why I don't rate it a 10 is that they can do more with it. It is good at what it does, but it needs to do more. It is never going to get a 10 from me because it is never going to be perfect, but there is more to do. 

We use the solution for our endpoint. There were recovery issues because of concrete tools, operations, and recovery tokens. There was a recovery case during the system crash. You can recover the system and find out the lost data.

Microsoft BitLocker is very easy to manage and is stable. We experience very few crashes with different endpoints. We operate in a large institution and require a solution that seamlessly works across diverse systems.

Some non-enterprise security solutions offer more comprehensive tracking capabilities for stolen devices beyond device protection. They enable location tracking of the device once it connects to the internet. Additionally, they provide enhanced stability, addressing instances where encryption fails to complete and rollback attempts become problematic.

I have been using Microsoft BitLocker for a year.

The product is stable.

The solution is scalable. There are some devices where the system crashes during encryption. 

I rate the solution's scalability an eight out of ten.

The initial setup is straightforward.

We have local partners and OEMs providing support for BitLocker deployment. The technical expert handles the deployments internally.

Overall, I rate the solution a six out of ten.

We use Microsoft BitLocker for hard drive encryption.

The product helps us to encrypt local devices. It allows us to protect devices against theft and unauthorized access.

Microsoft BitLocker's most valuable features are stability and simplicity in terms of usage.

They could improve cloud integration regarding attribute and encryption key management.

We have been using Microsoft BitLocker for five years. At present, we use its latest on-premises version.

I rate the product’s stability a ten out of ten.

We have Microsoft BitLocker installed on 5000 devices in our organization.

We have an in-house technical support team.

We attempted to use some other products before. But only Microsoft BitLocker proved suitable for our business requirements.

We deploy the product in the client’s environment using group policy configuration. It takes a week to complete the process.

We already use Microsoft products, and Microsoft BitLocker is an add-on product that is free of cost for us.

I rate Microsoft BitLocker a nine out of ten.

We use the solution for data encryption. 

The tool has improved the startup of our notebooks and end-user devices. 

I would like to see improvement in the solution's central management of passwords. Currently, we install it separately. 

I have been working with the solution for more than one year. 

I would rate the tool's stability a nine out of ten. 

I would rate the solution's scalability an eight out of ten. My company has more than 3000 users for the tool. 

The tool's setup is quite difficult I would rate the tool's setup around three to four out of ten. We had to deploy the solution on thousands of machines. Hence, we implemented it in phases. 

The solution is priced low. I would rate the product's pricing one out of ten. 

I would rate the solution a nine out of ten. The solution is a Microsoft product and Microsoft should be able to help rectify any issues in the future. It has a similar integration as that of Microsoft. 

We used Microsoft BitLocker to protect our laptops from theft. We have auditors that come and check to see the security of our systems and with this solution we are secure.

The solution could improve by having a centralized GUI for management.

I used Microsoft BitLocker within the past 12 months.

Microsoft BitLocker is stable.

I have a very small project and I implemented Microsoft BitLocker using GPO. Previously, we deploy Microsoft BitLocker using MBAM.

You can do a silent remote deployment very fast.

Microsoft BitLocker is a free feature when you are using Microsoft solutions.

I could advise any company to then deploy Microsoft BitLocker, first of all, because the product is free and the end user's computer performance is not affected. There are some products that when you install it on the end user's system, their system can become very slow.

I rate Microsoft BitLocker an eight out of ten.

We use BitLocker to assure that our confidential data is protected.

As a Microsoft shop, we find this product easy to use. It's not a problem.

The pricing should be improved.

We have been using Microsoft BitLocker for several years.

In the past, there had been some issues. However, they've fixed them. The stability has drastically improved.

BitLocker is a scalable product.

We do not really need the technical support.

The initial setup is straightforward.

For reasons unknown, Microsoft products seem to be getting more expensive.

We are a Microsoft shop and tend to use their solutions.

Overall, BitLocker is a good product and I recommend implementing it.

I would rate this solution a ten out of ten.