BitLocker Agent Volume Suspend and Lock

Lock Function

The Lock function in BitLocker is used to manually lock an encrypted drive. When a drive is locked, its contents are inaccessible until it is unlocked using the appropriate key or password. This is particularly useful for protecting sensitive data when the drive is not in use. You will not be able to lock a volume if a pin, password, or recovery password does not exist for the agent for the volume you want to lock.

To lock a BitLocker-encrypted drive, you can slide the lock control to the right or the locked position.

To unlock a BitLocker-encrypted drive, you can slide the lock control to the left or the unlocked position.

Suspend Function

The Suspend function temporarily disables BitLocker protection without decrypting the data on the drive. This is useful when you need to perform system updates, firmware upgrades, or hardware changes that might otherwise trigger BitLocker recovery mode.

When BitLocker is suspended, the encryption key is stored in clear text on the drive, allowing the system to access the encrypted data without requiring the BitLocker key. However, any new data written to the drive during this period will still be encrypted.

To suspend BitLocker protection, you slide the suspend slider to the right or suspend position.

Resuming BitLocker Protection

After completing the necessary updates or changes, you can resume BitLocker protection to re-enable encryption. This can be done by sliding the suspend control to the left or unsuspend position.

Summary

  • Lock: Manually locks an encrypted drive, making its contents inaccessible until unlocked.
  • Suspend: Temporarily disables BitLocker protection without decrypting the data, useful for system updates or changes.
  • Resume: Re-enables BitLocker protection after suspension.

How can we help?