Event details

Let’s talk resiliency, security hardening, and recovery tools! We’re kicking off Tech Community Live: Windows edition, with a one-hour Ask Microsoft Anything (AMA) on all things Windows security. Ide...
Pearl-Angeles
Updated May 14, 2025
AMA
Tech Community Live
lalanc01's avatar
lalanc01
Iron Contributor
Dec 11, 2024

Hi, are there other options than network unlock to prevent users from having to enter their bitlocker pin?

thks

Joe_Lurie's avatar
Joe_Lurie
Icon for Microsoft rankMicrosoft
Dec 11, 2024

Hey Stefane lalanc01 good to see you here! Network Unlock is handy when devices are being updated and rebooted overnight, so the device is ready for the end user when they come in in the morning, instead of stuck at the PIN screen. You really have two choices here:

  1. Use Network Unlock
  2. Remove the PIN requirement

Fortunately, we added hotpatching to Windows 11 Enterprise, version 24H2. Make sure you join that AMA as well, as it will allow the updates to install and be active even without a reboot AMA: Hotpatching Windows - client and server - December 11, 2024 - Microsoft Event 

  • lalanc01's avatar
    lalanc01
    Iron Contributor
    Dec 11, 2024

    Thks Joe, yes hotpatch is good, but since bitlocker is suspended during patching with Autopatch it's less of a concern. 

    It's more of when we need to reboot devices for whatever reason or when there's power outages and the user is working remotely from home and IT just power on the machine.

    • Jason_Sandys's avatar
      Jason_Sandys
      Icon for Microsoft rankMicrosoft
      Dec 11, 2024

      This is not correct to the best of my knowledge. Disabling BitLocker offers an attack vector to any bad actor regardless of when or how it is done and Autopatch does not automatically do this. I believe feature updates do this (regardless of how they are deployed) but quality updates do not.