Jan 21 2021 07:09 AM
Hi, I wanted to know how WUFB manages BitLocker-encrypted devices?
In SCCM, when we update/reboot an encrypted device, BitLocker is suspended automatically until the update process is finished, so there's no PIN prompt.
Is there the same mechanism in WUFB?
Thanks in advance.
Jan 21 2021 09:20 AM
Hi @lalanc01,
BitLocker is suspended automatically for feature updates (starting in Win 10 1803) but not for quality updates.
Jan 21 2021 09:55 AM
@Jason_Sandys so what is the recommendation for encrypted devices that are updated with WUFB for quality updates so that the device is not waiting for the PIN?
This is mainly for on-prem devices that are accessed via RDP/Citrix from home users because of COVID.
Jan 21 2021 10:04 AM
@lalanc01 There's not really a generic recommendation here. For on-prem devices, one possibility is to use network unlock. Disabling BitLocker automatically for a quality update every month though is a security risk as it leaves the device potentially exposed to anyone in physical possession of it.
Jan 21 2021 10:18 AM
@Jason_Sandys I have several Surface devices that are BitLockered and I never pause BitLocker for quality updates. Granted, there have been times they've freaked out on me and needed the BitLocker recovery key because of a freak-out during Windows Update, but that's the exception, not the norm.