BitLocker Drive is an extremely useful security feature which integrates within the operating system, and protects the data from threats of data theft or exposure from lost, stolen, and unattended computers. With the latest Windows 10 version 1511 (November Update), Microsoft updated the BitLocker feature, which now brings support for XTS-AES encryption algorithm. The algorithm provides additional protection against attacks that "rely on manipulating cipher text to cause predictable changes in plain text."
BitLocker supports both 128-bit and 256-bit XTS-AES keys, but keep in mind that it will not be accessible on older version of Windows. For Windows 10 users, the improved BitLocker also give users the ability to recover their device with Azure directory as well. Here's what's new for Windows 10 users:
- Encrypt and recover your device with Azure Active Directory. In addition to using a Microsoft Account, automatic Device Encryption can now encrypt your devices that are joined to an Azure Active Directory domain. When the device is encrypted, the BitLocker recovery key is automatically escrowed to Azure Active Directory. This will make it easier to recover your BitLocker key online.
- DMA port protection. You can use the DataProtection/AllowDirectMemoryAccess MDM policy to block DMA ports when the device is starting up. Also, when a device is locked, all unused DMA ports are turned off, but any devices that are already plugged into a DMA port will continue to work. When the device is unlocked, all DMA ports are turned back on.
- New Group Policy for configuring pre-boot recovery. You can now configure the pre-boot recovery message and recover URL that is shown on the pre-boot recovery screen. For more info, see the "Configure pre-boot recovery message and URL" section in BitLocker Group Policy settings.
Make sure to activate the feature if you're not already using it, especially if you're an enterprise user to protect your data from threats.