The following procedure is for encrypting drives individually. For more information about encrypting drives on multiple devices at the same time, see Setting up BitLocker Policies.
A data drive (a drive that doesn’t run the OS for a device), can’t be encrypted unless the OS drive for the device is encrypted.
For BitLocker prerequisites, see BitLocker Prerequisites in Using BitLocker in Barracuda RMM. For BitLocker encryption status, see Viewing BitLocker Encryption Status.
To encrypt a drive
- In Service Center, click Status > Devices.
Click the device name.
In the BitLocker area, next to the drive you want to enable, click Enable.
Decrypting BitLocker drives
Operating system drives can only be decrypted if all the drives that use that operating system are decrypted (or were not encrypted).
Data drives can be decrypted at any time, for example, a data drive can be decrypted before the encryption is finished.
Decrypting Drives that Use a BitLocker Policy
If you decrypt a drive on a device that is under a BitLocker policy that encrypted it, that drive remains decrypted until the policy is reapplied or it is encrypted manually.
A policy is reapplied when:
- One or more devices are added
- One or more devices are removed
- One or more devices are excluded
Drives that are encrypted through a BitLocker policy are not decrypted when the policy is removed. You must decrypt those drives manually.
To decrypt a drive
- In Service Center, click Status > Devices.
- Click the device name.
- In the BitLocker area, next to the drive you want to enable, click Disable.
- Decryption of a drive can take several hours.