BitLocker-Encrypted Volumes

Managed Backup supports BitLocker-encrypted volume backups and restores.

What is BitLocker?

BitLocker is a volume encryption tool in Windows Enterprise and Ultimate versions. BitLocker differs from most other encryption approaches since it uses your Windows login to encrypt your data. BitLocker suits for standing against threats of data theft or disclosure from lost, stolen or inappropriately decommissioned PC hardware.

To learn more about BitLocker, refer to the BitLocker section at docs.microsoft.com.

Backing Up BitLocker-Encrypted Volumes

In Management Console

Keep BitLocker option is managed on the What to Backup step of an image-based backup wizard.

If you have BitLocker-encrypted volumes, the Keep BitLocker check box is selected by default. If you leave this check box selected, the BitLocker-encrypted volume will be backed up as is.

If you deselect the Keep BitLocker check box, the volume will be backed up decrypted.

The decryption does not happen automatically, MSP360 Backup only performs checks of volume state. You have to provide one of decryption credentials on Windows side

In Backup Agent

Keep BitLocker option is managed on the Select Partitions* step of an image-based backup wizard.

If you have BitLocker-encrypted volumes, the Keep BitLocker check box is selected by default. If you leave this check box selected, the BitLocker-encrypted volume will be backed up as is.

If you deselect the Keep BitLocker check box, the volume will be backed up decrypted.

The decryption does not happen automatically, MSP360 Backup only performs checks of volume state. You have to provide one of decryption credentials on Windows side

Restore of BitLocker-Encrypted Volumes

In Backup Agent

Restore of BitLocker-Encrypted Volume

If you restore a BitLocker-encrypted volume that had been backed up as is, with the Keep Bitlocker option enabled, the volume will be mounted to the specified location without any changes.

If you restore a volume that had been decrypted before backup, it is restored as follows:

  • If you select the original volume as a restore destination and it is still decrypted, the volume will be restored as is
  • If you select the original volume as a restore destination and the volume is encrypted, you will be prompted to provide one of credential types to unlock the volume.

Item-Level Restore from BitLocker-Encrypted Backups

Starting from version 6.3.1, Backup Agent supports item-level restore for BitLocker-encrypted backups. Volumes that are BitLocker encrypted are displayed with the speical icon indicating the encryption.

To view the contents of the BitLocker-encrypted volume on backup storage, select it, then specify one of credential types to unlock the volume:

  • Password
  • Recovery password
  • Key file.

Once you are done, click OK, then follow the restore wizard steps to configure the restore.