BITLOCK - Planning and Deploying BitLocker Drive Encryption

This 2-day instructor-led course teaches you everything you need to know about BitLocker. This course includes hands-on labs. These labs reinforce and expand on the instructor-led portion by having you actually deploy and operate BitLocker. You’ll practice techniques for setting up a BitLocker-enabled environment, implementing BitLocker on multiple system configurations, and recovering BitLocker after the detection of a possible compromise.

Data security is an increasingly critical part of IT. More and more organizations require data encryption in order to meet regulatory security requirements. BitLocker Drive Encryption is a popular choice to meet these requirements. BitLocker is a highly effective and low-cost data encryption technology that’s built into Windows. But because of this strong protection, your organization must understand and carefully plan for BitLocker deployment to avoid data loss and system downtime.

Although the labs focus primarily on Windows 10 and Windows Server 2012, the class also applies to Windows 7, Windows 8, Windows Server 2008, and Windows Server 2016.

Student Testimonials

Instructor did a great job, from experience this subject can be a bit dry to teach but he was able to keep it very engaging and made it much easier to focus. Student
Excellent presentation skills, subject matter knowledge, and command of the environment. Student
Instructor was outstanding. Knowledgeable, presented well, and class timing was perfect. Student

Click here to print this page »


A strong understanding of Windows deployment and management in an enterprise environment is required. Familiarity with cryptography and data storage technology is highly recommended.

Detailed Class Syllabus

Analyzing BitLocker

Context and background
Understanding BitLocker
Understanding BitLocker to Go
Trusted Platform Module (TPM)

Understanding BitLocker

Pre-Boot Authentication
System Tamper Detection\
System Integrity Verification
Network Unlock
Encrypted Drive Support

BitLocker Architecture

BitLocker Initialization
BitLocker Operation
BitLocker Suspend and Resume
BitLocker to Go Architecture

Planning BitLocker Deployment

Examining Hardware Capabilities
Planning Configuration Options
Planning Recovery Options

IT Planning

Planning User Interaction Scenarios
Planning Recovery Key Access and Use
Planning BitLocker Deployment Through System Center Configuration Manager (SCCM)
Planning BitLocker Deployment Through Microsoft Deployment Toolkit (MDT)
Planning BitLocker Deployment Through Microsoft Baseline Administration and Monitoring (MBAM) and Microsoft Desktop Optimization Pack (MDOP)

User Planning

Identifying BitLocker Users and Devices
Educating BitLocker Users

Single Standalone Device

Configuring BitLocker Options
Enabling BitLocker
Encrypting the Drive
Verifying BitLocker Operation

Single Domain-Joined Device

Configuring BitLocker Options
Enabling BitLocker
Encrypting the Drive
Verifying BitLocker Operation

Multiple Devices

Deploying BitLocker Through Group Policy
Deploying BitLocker Through PowerShell
Deploying BitLocker Through SCCM, Altiris, and MBAM

Troubleshooting BitLocker Deployment and Operational Issues

Normal BitLocker Use
Suspending and Resuming BitLocker
BitLocker Recovery Mode
Recovering BitLocker Devices
Preventing BitLocker Recovery Mode
Managing the Trusted Platform Module (TPM)