CUMC Home | Columbia University | Jobs at CUMC | Contact CUMC | Find People
For support: call extension 5-Help (212-305-4357) or email us

BitLocker Encryption for Windows

BitLocker Icon for Encrypted Drive

BitLocker is the native encryption program included on some versions of Windows, though it is not turned on by default. To meet encryption compliance at CUMC, systems using BitLocker must be running Windows 7 SP1 with Enterprise or Ultimate Edition, or Windows 8.1 or 10 Enterprise Edition, and use TPM 1.2 or higher hardware. Computers that do not cannot be used. Please see Using BitLocker at CUMC below for additional information.

How BitLocker Works
BitLocker encrypts the full disk drive(s) when properly enabled. Decryption happens transparently after entering your computer login and password, simply work on it as you normally would. After logout or shut down everything is encrypted and cannot be read without an authorized login.

Using BitLocker at CUMC

Workforce Computers
CUMC IT has deployed BitLocker for workforce computers so they can connect to a Microsoft BitLocker Administration and Monitoring (MBAM) server. MBAM helps ensure that computers meet University policy for encryption, and stores a recovery key that can be provided by authorized staff if an issue occurs with the encrypted drive.

Please contact your Certified IT Group to have BitLocker set up on a workforce computer. The computer will need to be running a compatible version of Windows (see the top of this page) and be joined to the MC domain. Certified IT staff at CUMC who are in the process of setting up BitLocker can contact us at 5-Help to request additional information about using the MBAM server.

Personal Computers
If you would like to set up BitLocker on a personally owned computer please be sure that:

  • It is not joined to a department's domain. There may be policies set by IT staff managing the domain that will override BitLocker settings you will want to change.
  • It uses a compatible version of Windows as noted at the top of this page. See What Operating System does my computer use? for help finding a computer's version and edition. Upgrades may be available under Columbia's site license agreement, please contact your IT staff or see the Microsoft Downloads for the CU Community page for information on downloading.
  • BitLocker's default encryption cipher method, AES-128, is changed to AES-256 before enabling. AES-256 is required to comply with University encryption policy.
  • Do not store your recovery key with Microsoft. They do not have the required Business Associate Agreement with CUMC to store keys or information pertaining to confidential and sensitive data.
As with any full disk/drive encryption, be sure to review all instructions, verify compatibility with your computer, and run a full, secure back up. Issues including permanent loss of files can occur if you do not adequately prepare your computer and data before installing or beginning to use encryption.

Instructions geared towards student owned computers meeting all of the above requirements have been provided as a courtesy only.

| TOP |

Last updated 7/19/2018