BitLocker Encryption for Workforce Computers


BitLocker is the native encryption program included on some versions of Windows, though it is not turned on by default. To meet encryption compliance at CUIMC, systems using BitLocker must be running Windows 10 or 8.1 Enterprise Edition and use TPM 1.2 or higher hardware. Computers that do not cannot be used. Please see Using BitLocker at CUIMC below for additional information.

How BitLocker Works

BitLocker encrypts the full disk drive(s) when properly enabled. Decryption happens transparently after entering your computer login and password, simply work on it as you normally would. After logout or shut down everything is encrypted and cannot be read without an authorized login.

Using BitLocker at CUIMC

Workforce Computers

CUIMC IT offers BitLocker for workforce computers so they can connect to a Microsoft BitLocker Administration and Monitoring (MBAM) server. MBAM helps ensure that computers meet University policy for encryption, and stores a recovery key that can be provided by authorized staff if an issue occurs with the encrypted drive.

Please contact your Certified IT Group to have BitLocker set up on a workforce computer. The computer will need to be running a compatible version of Windows (see the top of this page) and be joined to the MC domain. Certified IT staff at CUIMC who are in the process of setting up BitLocker can contact us to request additional information about using the MBAM server.

Personal Computers

If you would like to set up BitLocker on a personally owned computer please be sure that:

As with any full disk/drive encryption, prepare by reviewing all instructions, verifying compatibility with your computer, and running a full, secure back up. Issues including permanent loss of files can occur if you do not adequately prepare your computer and data before installing or beginning to use encryption.

Instructions geared towards student owned computers meeting all of the above requirements have been provided as a courtesy only.