Microsoft BitLocker Reviews

We use the solution for encryption.

Microsoft BitLocker is a Microsoft native product that provides good encryption.

The solution should have a better user interface and dashboard.

I have been using Microsoft BitLocker for four to five years.

I rate the solution’s stability an eight out of ten.

Around 80,000 users use the solution in our organization.

I rate the solution’s scalability ten out of ten.

The solution's technical support team asks for a lot of logs.

Neutral

The solution's competitor is Trellix. Trellix is a bit better than Microsoft BitLocker because it has a very good reporting feature.

The solution's initial setup is complex.

I deployed the solution by myself in a couple of days.

On a scale from one to ten, where one is expensive and ten is cheap, I rate the solution's pricing an eight out of ten.

The solution's recovery option works fine to support our data security strategy. We integrate the Azure OpenAI tool with Microsoft BitLocker. I would recommend the solution to other users.

Overall, I rate the solution a seven out of ten.

We use the solution to secure endpoints.

Microsoft BitLocker's most valuable feature is endpoint encryption, and it's quite easy to manage. Microsoft BitLocker's data protection is the most useful for mobile endpoints like laptops.

The management of the product could be made a little easier.

I have been using Microsoft BitLocker for 5-6 years.

I rate the solution ten out of ten for stability.

Around 50 users are using the solution in our organization.

I rate the solution’s scalability ten out of ten.

We didn't pay for additional licenses since the solution is built into Windows.

Before choosing Microsoft BitLocker, we evaluated Trend Micro.

I use the latest version of Microsoft BitLocker. We didn't have any specific incidents where we needed to use the solution's recovery process. However, if there's a problem unlocking devices, it's pretty simple to manage.

The solution is not complicated to manage. Microsoft BitLocker is transparent to end users, and they are unaware of its existence. It doesn't impact their performance in a measurable way, and we don't have any problems with it.

Microsoft BitLocker is a very useful tool for managing endpoints, especially mobile ones, and ensuring that data is not leaked. The solution's drives are integrated into the mobile workstation. We require one person as a backup to maintain the solution, which is not time-consuming. It just takes a few hours every month. I would recommend the solution to other users.

Overall, I rate Microsoft BitLocker ten out of ten.

We use Microsoft BitLocker for hard drive encryption.

The product helps us to encrypt local devices. It allows us to protect devices against theft and unauthorized access.

Microsoft BitLocker's most valuable features are stability and simplicity in terms of usage.

They could improve cloud integration regarding attribute and encryption key management.

We have been using Microsoft BitLocker for five years. At present, we use its latest on-premises version.

I rate the product’s stability a ten out of ten.

We have Microsoft BitLocker installed on 5000 devices in our organization.

We have an in-house technical support team.

We attempted to use some other products before. But only Microsoft BitLocker proved suitable for our business requirements.

We deploy the product in the client’s environment using group policy configuration. It takes a week to complete the process.

We already use Microsoft products, and Microsoft BitLocker is an add-on product that is free of cost for us.

I rate Microsoft BitLocker a nine out of ten.

We use the solution for laptops assigned to sales in case it’s lost or stolen.

The solution is included in Windows 11.

The product must improve the centralization of keys. BitLocker is not perfect. Sometimes, we have problems when Windows tries to start. It shows that the key is not available.

I am using the solution currently.

It is a stable solution.

We check the Microsoft forum to resolve issues.

The initial setup is not complex.

We can activate the product at no cost. We're just taking advantage of what is included in Windows.

We have individual files when IT support prepares the computers. We have the information to replace an SSD or increase the size. We need to remove BitLocker, change the drive, put it back, and encrypt it again with BitLocker. We can check the way the encryption is used because it is centralized. It is good to test the features and centralize the encryption. Overall, I rate the tool an eight or nine out of ten.

We put BitLocker on all our consultants' laptops to protect their data in case they lose their machines.

I like the fact that you can get a BitLocker encryption key out of OneDrive.

BitLocker should be available on standard Windows. We need to spend money on a Pro license to get BitLocker because it's essential to protect our customers' data. We don't want that to fall into the wrong hands.

I have used BitLocker for five years.

BitLocker is stable.

We haven't rolled it out on a large scale. We're enabling it one computer at a time. 

BitLocker is pre-installed on Windows Pro, so you only need to switch it on. It takes a while to run, but you can switch it on and go do something else. It takes a minute or so to find it in the settings and enable it. 

BitLocker is included in the Windows Pro license. The Pro version of Windows costs about 100 pounds more than the Home Edition, so you need to decide if it's worth upgrading to Pro. That extra cost might be a tough pill for some companies to swallow, but it's necessary if you don't want to worry about your data if an employee loses their laptop. 

I rate Microsoft BitLocker 10 out of 10. It's a simple tool that does what it says. I recommend using it if you have access. 

Our primary use case for this solution is encryption. The solution is deployed on-premises.

The ease of administering and integrating the solution is great.

The product could be improved by simplifying the implementation process and the integration between Active Directory and BitLocker could be better.

We have been using this solution for two years and are currently using the latest version.

The solution is stable.

The solution is scalable. Currently, we have approximately 800 users using this solution, and six people are required for maintenance.

We don't have experience with customer service and support.

The initial setup is easy and takes approximately one to two days. A day for implementation and a second day for compliance.

The solution was implemented in-house.

We use the System Center Configuration Manager, which is free. So we don't need a license for BitLocker.

I rate this solution an eight out of ten. The solution is good but can be improved by simplifying the implementation process. I recommend it to people who may not be able to afford high license costs.

We primarily use the solution for encryption. 

You have to do a bit of reading to understand the logic; however, after that, it becomes pretty straightforward to use it.

Feature-wise we have the ability to encrypt fast. This means when you enforce the policy and when you onboard a device via the Azure AD, it comes online pretty quickly. The speed at which BitLocker engages is pretty strong. That's a significant thing. You can even control your external devices, like your USB devices. You can allow or deny, or even encrypt those devices. There are lots of useful things like that available in this product.

In terms of improvement, they should look at file encryption. When the files are being moved out or something, sometimes we need encryption in transit. Meaning when your system, your laptop you're using, the files are idle, then they are encrypted. And if you are sending the files out, let's say you're mailing the files out, that's data in transit. The encryption over there is controlled differently. It depends on what tool you're using for sending the files. However, the encryption is controlled there. The thing is, if you could have one single point of the solution, no matter if you're using Office 365 as an organization, to have just one encryption system across multiple systems, rather than having one BitLocker on the drive, then another encryption rule-set for sending an email, that would be easier.

Maybe the solution could use some more capability within the reporting system, et cetera. The reporting in Microsoft is very minimal. If you had a third-party tool, they will give you very high-level, very detailed reporting across various categories and conditions. Microsoft doesn't do that. That's a huge drawback in the system. You open the control, you get a lot of information; however, that information, you can't export.

I’ve been using the solution for almost a year now.

The solution is absolutely stable. There are no bugs or glitches and it doesn’t crash or freeze. It’s reliable.

We currently have about 150 people using the solution across every level of the organization.

Scalability doesn't really come into play since it's applicable only to the endpoint. BitLocker is applied to the laptop. You can set the policy to apply to all the drives on the laptop, and you can set the policy when the system is starting up and ask for a pin or just run it without the pin when it starts up. All that stuff is configuration-driven. There's no issue with scalability there. It just applies to all the machines, and once encrypted, all the machines will report to the central consoles.

Technical support varies since Microsoft tech support is outsourced to other organizations partnering with Microsoft. Therefore, even though I'm raising a ticket with Microsoft, it can go anywhere across the globe. Eventually, it is a third-party organization that's representing Microsoft that will handle the ticket.

The problem is the individual's expertise will vary. Some of them are very well versed in a particular product. Some are not so well versed. Eventually what happens is if they're not so well versed, then they'll go back to the Microsoft documentation and give you details based on that, and they'll work it out with you. The important thing is they always make it a point to achieve case closure. I'm not saying that it's very brilliant, however, it does a very good job. 80-90% of the time, it actually works.

Positive

We did not previously use a different solution, however, the critical thing to note is Windows 10 and 11 come with built-in encryption enabled. You have to disable that encryption. Only then will your centralized policy for BitLocker take over. Otherwise, it will throw up an error.

The initial setup is pretty simple. You might have to do a bit of education in terms of understanding the logic, however, after that, it’s all very simple.

For the actual deployment, basically, I did it in pieces. I did the initial deployment on my laptop. I had raised queries with Microsoft Support for this. Once I got the basic settings in place, I stabilized this as my policy, and then I drove it out to all my users.

I handled the initial setup myself. I didn’t need the help of any integrators or consultants.

You only have to pay for it. BitLocker is already present within the operating system. It's part of the OS. When you buy your laptop or a desktop, BitLocker is already present. The important thing here is the configuration part of it. BitLocker comes on your laptop, and it's 128-bit encryption, which comes by default. It's the unmanaged variety. The managed variety can be 128 or 256 bits. As a matter of industrial practice, we will all deploy 256 versions and there's no software cost coming in.

The important thing here is the deployment tool that you have. There are lots of tools in the market. Microsoft has an app called Intune, which gives you native control of the system. If you don't use Microsoft, if you don't have Intune, then you could look at some other products which give you control over the native encryption rather than deploying their own. Many products are there in the endpoint security domain which provides you encryption. If I decide to go that route, I will disable the BitLocker on both and I will apply this encryption software. However, I’m forced to rely on that encryption tool to do that management.

I’m using the latest edition. I started off on a trial basis for a couple of weeks, and now I've taken it to production. All my laptops are now on BitLocker.

I’d rate the solution nine out of ten.

If you want a free solution and work on Microsoft, use Windows BitLocker. That should do the job for you. Unless otherwise explicitly required for business needs, Encryption is basically a compliance requirement from an audit compliance requirement perspective. Encryption of your hard drives is a compliance requirement. However, there are businesses and industries wherein the data has to be encrypted, and it’s mandatory. This is not an issue of compliance for them. It's a work requirement. In those kinds of scenarios, then you would have to probably look at third-party solutions, which give you something beyond just the basic encryption. If you want to do basic encryption and you have your Intune, just use that. No money needs to be spent. You just need to put a little effort into creating a policy to push and apply to all the systems. End of story. However, if you have something more significant, you may have to look at other solutions.

We use it for encrypting data and storage for the most part. We keep it up to date in terms of the version.

It basically brings us in compliance. We are required to encrypt the handling of data, the transmission of the data, and storage of the data. So, when people are working with the data, and they download it to the laptops, we can safely say it is encrypted at that point to meet our requirements. It is pretty transparent to the end-user since the encryption is done without them really doing it.

Our need was to protect our portable devices. So, our thumb drives get automatically encrypted. Any attached storage gets automatically encrypted for our laptops in case they get lost or stolen when people travel.

I liked the way it works with our Microsoft tools. As we roll out Intune, we can validate if the device has been encrypted, and if not, we can push it down. It is pretty simple to deploy. 

Their interoperability with our tools, which are the Microsoft tool, can be improved. It needs to be geared towards more of the wraparound of the zero trust. There are solutions we're looking at that do encryption plus X, Y, and Z. So, we're looking at the ability to wrap around the product with other features.

The biggest one for us is revoking access. So, even though someone downloads something to a device, we want the ability to cloak that device or data and bring it back or make that data unusable for that person. Currently, BitLocker doesn't give us that ability. It basically encrypts it. We're seeing if identity management or IAM allows us to do that. We're kind of looking at third-party software that does that for us.

Usually, Microsoft sees what other third-party companies do and then either adopts it or buys the third-party company, and that's kind of what we're looking into. That's our need. It'd be a lot better if it was all under one mirror or one window, instead of having a couple of different vendors working on it. So, if Microsoft could solve that, it would be awesome. They should look at the third-party enhancements that people are doing, and then take the encryption a step further by adding those features to BitLocker. Microsoft has different components. They have identity management, but is it tied to encryption? BitLocker is mostly tied to devices, but it would be best for me if I get a piece of data and I am able to encrypt it all the way through using BitLocker. Currently, BitLocker is basically tied at the device level instead of the data level.

I would just like them to look at what other people are doing in terms of encryption as a whole and offer the encryption not only tied to the device, but also to the file level. They should add features on that in terms of access control and reporting. We should be able to see who has access to it and who has touched a file. So, we're going towards the zero trust model and the zero trust reporting. It is a "We don't trust anybody" type of deal. So, it is not just the device, it is the data. They should try to wrap it around the data at the file level and not at the device level.

I have been using this solution for about three years.

So far, so good. We haven't had too many problems with managing the keys or anything else. Probably the only concern is that we manage it. Individuals are not doing it themselves. The other thing is as we take over companies or merge companies, or the other way around, we have to make sure that we get those keys to the kingdom per se. So, we always got to look out for that as well.

So far, so good. Mostly, anything we deal with Microsoft is pretty scalable. Again, it is kind of tied to devices, but you can essentially manage it, which makes it simple.

In terms of its usage, we force it on everybody, so it is non-binding. No matter who you are in a company, if you have a managed device, it is going to be encrypted. It is a requirement, so it is being used extensively. Its usage will increase as the number of employees increase.

I don't think we've had many issues with them. We push it through our SolarWinds product, so for most of the issues we've had, we probably had to deal with SolarWind's side to make sure that everything was pushed correctly. We didn't go to the Microsoft side. Our software vendor might have dealt with Microsoft directly but not us.

The only solutions that we've had in place were standalone encrypted thumb drives. We had not rolled out BitLocker until then, so we had a need to encrypt thumb drives. We had bought Aegis thumb drives that came encrypted. After we got the encryption rolled out, when someone connected a thumb drive, it was automatically encrypted, or they couldn't store data on it. Once we went to that method, we didn't purchase any more Aegis encrypted thumb drives.

We have it on-prem, and we have a couple of devices in the cloud, but we are a hybrid environment. Our main thing was to get it on our traveling laptops and protect them. We push it through another vendor, not Microsoft. We push it through another SolarWinds vendor, and then we push it down. The only thing that we've had problems with was that the encryption level wasn't as high as we needed it by default. So, we had to do some tweaking to get the correct encryption level that we wanted. It is all default. So, you have to be aware of how you deploy it. If you deploy it one way, it doesn't really fully encrypt the machine.

It took days only because it was a slow rollout. It was intentionally a slow rollout. It didn't take long to do it, but we just wanted to make sure it was done right and correctly.

We just implemented it in-house. In terms of maintenance, it is a small staff. We rely on our software to help us with the patching and everything. We have reports that kickback to us. If for some reason, encryption was turned off or encryption wasn't deployed correctly, we'd get reports sent to us. So, a lot of stuff is automated in terms of monitoring the compliance to encryptions, and our response to that is pretty fast. We just manage it with our current staff. We don't have anybody directly tied to just doing that.

I don't know the costs. In terms of Microsoft licensing, we are at E3 on the business, and we're in the process of pricing out and moving to E5. So, a lot of this is included within our licensing agreements.

If you don't implement this, you have to implement something else. You have to have some type of encryption. In the past, people wanted a layered approach to security. They wanted to have different vendors, and they wanted it to be able to have that overlap of vendor support on security, but the reality is that everybody looks to Microsoft. If you look at the SolarWind attack, who do they go to help resolve it? They went straight to Microsoft. Therefore, we're getting away from that thought process of divide and conquer. We're just trying to align everything up with a single pane of glass so that we can build on our Microsoft tools. In the past, we would have resisted being tied to one security.

I can't rate it any lower than eight out of 10. The only reason why I don't rate it a 10 is that they can do more with it. It is good at what it does, but it needs to do more. It is never going to get a 10 from me because it is never going to be perfect, but there is more to do.