BitLocker Bewilderment: Seeking Answers for Automatic Encryption in Windows 10

Question:

I would like to inquire about an unexpected occurrence we’ve encountered with our Windows 10 22H2 systems, which are currently not configured with BitLocker encryption. Despite the absence of any BitLocker policies in SCCM, Intune, or GPO, approximately 700 out of our 7000+ computers activated BitLocker encryption spontaneously following the installation of the October patch on Patch Tuesday.

Additionally, we’ve observed that all newly imaged computers are also being encrypted with BitLocker. This presents a significant challenge as we lack a BitLocker infrastructure and, consequently, do not possess any recovery keys.

Through forum discussions, we discovered a registry key that seems to halt this automatic encryption, yet there has been no mention of this behavior in any official Microsoft documentation. Upon raising a support case with Microsoft Service Hub, it was confirmed that the October 2023 update does indeed initiate BitLocker, and the registry key we found is effective in preventing this. However, the lack of documentation and the fact that the key is intended for consumer versions of Windows, while we are using the Enterprise edition, is perplexing.

Have any other organizations experienced this sudden and unanticipated activation of BitLocker on their computers? If so, how was the issue addressed?

For reference, the registry key in question is:

```
SYSTEM\CurrentControlSet\Control\BitLocker
PreventDeviceEncryption: DWORD:1
```

Answer:

This situation is particularly challenging for organizations that do not have a BitLocker infrastructure in place, as it leaves them without access to necessary recovery keys. The discovery of a registry key that appears to prevent this automatic encryption has provided a temporary solution, albeit one that is not documented in any official capacity by Microsoft. The registry key in question is:

```
SYSTEM\CurrentControlSet\Control\BitLocker
PreventDeviceEncryption: DWORD:1
```

The lack of official documentation and acknowledgment from Microsoft regarding this issue has left many IT professionals in a state of uncertainty. The fact that the registry key is typically associated with consumer versions of Windows, rather than the Enterprise edition, adds to the confusion.

In response to inquiries, Microsoft Service Hub has confirmed that the October 2023 update does indeed trigger BitLocker encryption and that the aforementioned registry key can prevent it. However, this information is not widely disclosed, leaving many to wonder about the transparency and communication regarding such critical updates.

Organizations affected by this issue have taken to forums and support channels to share their experiences and solutions. Some have managed to use the registry key to halt the encryption process, while others are still seeking a more permanent and officially supported resolution.

As the situation develops, it is crucial for Microsoft to provide clear guidance and support to its enterprise users. The unexpected activation of BitLocker encryption not only disrupts operations but also raises concerns about data security and access. A comprehensive explanation and a reliable fix are needed to ensure that organizations can maintain control over their security settings and continue to protect their data effectively.
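A per-machine audit for the situation described above, as an added example that is not part of the original post: it reads the `PreventDeviceEncryption` value, optionally sets it, and reports each volume's BitLocker state and whether a recovery-password protector exists. It assumes the key sits under the HKLM hive (the page omits the hive), the built-in BitLocker PowerShell module, and an elevated session; the `-SetPreventValue` switch and the output field names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. The HKLM hive is an assumption;
# the page quotes only SYSTEM\CurrentControlSet\Control\BitLocker.
param([switch]$SetPreventValue)   # hypothetical switch: write the value if missing

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\BitLocker'
$valueName = 'PreventDeviceEncryption'

# Read the current value; $null means the value is not present on this machine.
$current = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName

if ($SetPreventValue -and $current -ne 1) {
    if (-not (Test-Path $keyPath)) { New-Item -Path $keyPath -Force | Out-Null }
    New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null
    $current = 1
}

# Report every volume BitLocker knows about. A volume that is not fully
# decrypted and has no RecoveryPassword protector is the case the post
# describes: encrypted data with no recovery key to escrow.
Get-BitLockerVolume | ForEach-Object {
    $types  = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $status = $_.VolumeStatus.ToString()
    [pscustomobject]@{
        ComputerName            = $env:COMPUTERNAME
        MountPoint              = $_.MountPoint
        VolumeStatus            = $status
        ProtectionStatus        = $_.ProtectionStatus.ToString()
        EncryptionPercentage    = $_.EncryptionPercentage
        KeyProtectorTypes       = $types -join ','
        HasRecoveryPassword     = $types -contains 'RecoveryPassword'
        PreventDeviceEncryption = $current
        NeedsAttention          = ($status -ne 'FullyDecrypted') -and
                                  ($types -notcontains 'RecoveryPassword')
    }
} | Sort-Object MountPoint
```

Run without the switch first to collect state across the fleet; rows with `NeedsAttention` set to `True` are the machines where a recovery key should be created and stored, or the volume decrypted, before anything else changes.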
