This article applies to:
- OS: Windows
- Product edition: inSync Cloud and On-Premise
- BitLocker drive encryption is a data protection feature of the operating system that was first made available in Windows Vista.
- Having BitLocker integrated with the operating system addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
- BitLocker is a drive-level encryption and not a file-level encryption, hence when enabled access to the entire drive is restricted.
- BitLocker works on the basis of a password encryption whereas EFS works on the basis of certificate-based encryption.
Scenarios with BitLocker enabled
Scenario 1: BitLocker enabled on devices with a single drive (C:\ as OS volume)
Since BitLocker has a drive-level encryption, the drive is unlocked when the OS is up an running. Hence, BitLocker does not hamper the functionality of inSync and the backups complete successfully.
Scenario 2: BitLocker enabled on one or more drives of each device having multiple drives
In this scenario, the volume backups of drives enabled with BitLocker complete successfully. The rest of the drives must have auto unlock enabled during the authentication process while setting up BitLocker for the drives. If auto unlock is not enabled, the drive remains encrypted even after boot-up. If the drive is configured for backup, inSync cannot back up the drive as the drive is encrypted.
Configuration for seamless backup from drives
To avoid backup failure on devices with BitLocker:
- Go to Control panel on the device.
- Click the BitLocker Drive Encryption icon. The BitLocker configuration page opens. The page displays the all the drives, with their respective configuration status. Different options for the OS volume and additional drives are also displayed.
- Check for Turn on Auto Unlock for non-OS drives and enable the option. This will ensure that the drive is accessible to inSync for backup every time the user boots the device.