Forum Discussion
Michael Brunker
Jun 21, 2017Brass Contributor
Bitlocker on Virtual Machines
Is Bitlocker supported on virtual servers? We would like to implement virtual domain controllers and understand that Bitlocker cannot be used on Server 2012 R@ virtual machines. Is it supported on Se...
- Jun 21, 2017
Yes, however there is a challange which is that MBAM doesn't support servers yet. Without MBAM you can still use BitLocker but it won't be as manageable as some customers would like. You won't get reporting or self service recovery. Some customers feel these capabilities are primarily for client OS. We tend to agree but we plan to add such functionality in the future. Based on priorities it won't happen any time soon.
-Chris
Michael Brunker
Jun 21, 2017Brass Contributor
So without MBAM support, what are the options for server encryption recovery? Manually capture the recovery key and store in key safe?
Todd Godchaux
Jun 21, 2017Brass Contributor
Managing your own key escrow? You're brave! :)
- Michael BrunkerJun 21, 2017Brass Contributor
Just asking the question to see what the options are without MBAM.
- TomR317Dec 04, 2019
Microsoft
Michael Brunker you can store your Bitlocker keys, for your servers, in Active Directory. In can be done by utilizing the Bitlocker GPO and applying it to the respective OU where the computer resides.