BitLocker Encryption Warning

BitLocker Encryption Warning
Posted on 06/03/2021

Parents of current and former NKSD students: Prior to 9/1/2021, students utilized Microsoft’s Office365 suite of applications to complete schoolwork in their classes. For students who were accessing O365 on a personally-owned computer, utilizing a Microsoft Windows 10 operating system, (version 1703 or later), there is a possibility that the hard drive on that computer has been encrypted, using Microsoft’s “Bitlocker” disk encryption feature. This information is being provided to inform you about Bitlocker, and how it may have impacted your families’ personal computer.

Beginning 9/1/2021, NKSD students have been migrated to the Google Workspace for Education applications, and are no longer accessing Microsoft O365. Google does not utilize Bitlocker, so this information is only applicable to personally-owned computers that accessed Microsoft O365, prior to 9/1/2021.

The Microsoft Windows 10 operating system, if present on your personally-owned computer, contains a disk encryption feature called “Bitlocker”, which is integral to the Windows 10 operating system. Microsoft’s default settings, beginning with Windows 10 version 1703 (which was released in April 2017), is to automatically enable Bitlocker, when connected to any Microsoft-managed service, such as O365. If your computer is not running a Microsoft Windows 10 operating system (ie a Chromebook or an Apple Mac), or any version of Microsoft Windows prior to Win 10 1703, this notification will not apply.

The NKSD Technology Department wants to assure you of the following:

  • NKSD is not applying ANY policies to personally-owned devices, regardless of if they are used by staff or students. We specifically cannot assume liability or responsibility of a personally-owned device.
  • We are not enabling or causing Microsoft Bitlocker encryption to activate on any personally-owned device, with or without anyone’s knowledge.
  • We have not ever applied any policy to cause Bitlocker to be applied to a personally-owned device.
  • All student accounts are managed the same, district-wide.

When Bitlocker is activated, the computers’ hard drive is encrypted. This prevents data from being accessed by unauthorized means, which is usually a good thing. If the computer does not ever have a component failure, then you will likely not even be aware that Bitlocker has been enabled. However, if there is a component failure on your personal computer (in particular the main circuit board, “motherboard”) that then get replaced, the data on the hard drive will not be accessible, unless a Bitlocker encryption key is entered. This device encryption “recovery key” may be accessible by NKSD, as the students’ user account is registered to the NKSD organization within Microsoft’s management system..

To remedy the issue before a component failure were to occur, we recommend that parents disable the Windows 10 “Bitlocker” feature, as outlined here: Bitlocker Device Encryption Overview [docs.microsoft.com]. If you do not disable Bitlocker, and your personal computer experiences a component failure that is subsequently repaired, you may not be able to access the data stored on your hard drive. If that occurs, and you need to obtain the Bitlocker encryption recovery key, please submit a student TSR, and we will provide you with any Bitlocker information we can locate. We cannot guarantee that this information can be located, due to a large number of factors out of our control, but we will extend a diligent effort to do so.

In summary, we will provide tech assistance to students and parents as much as possible for their personally-owned devices; but we cannot control what Microsoft, Dell, Lenovo, or any other computer manufacturer enables on their software or hardware devices.

References:

  1. Bitlocker Automatic Device Encryption Hardware Requirements [docs.microsoft.com]
  2. Bitlocker Device Encryption Overview Windows 10 [docs.microsoft.com]
  3. Bitlocker on Dell Systems
  4. https://www.dell.com/support/kbdoc/en-ie/000103639/how-to-troubleshoot-and-resolve-common-issues-with-tpm-and-bitlocker

Thank you,

North Kitsap School District Technology Department