MichaelDubissette-8183 asked

What are the Microsoft Recommended GPOs for handling Azure Disk Encryption Recovery Keys for Windows?

Hello. I have a Windows Server 2016 VM that is domain-joined within Azure. I'm wondering what the Microsoft-recommended ADDS GPOs are for Azure Disk Encryption to handle the recovery keys. Based on my research, I'm considering the following:

  1. Allow BitLocker without a compatible TPM (Will require configuring PIN/PASSWORD protector)

  2. Configure user storage of BitLocker recovery information -> Allow 256-bit recovery key

  3. Configure ADDS GPOs or third party to store recovery keys

There are a number of BitLocker GPOs, as contained within the following:

https://docs.microsoft.com/en-us/azure/virtual-machines/Windows/disk-encryption-overview#group-policy-requirements

https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-unlockpol1

Because this is a server, I'm trying to avoid a "full BitLocker" implementation just for ADE and am looking for the minimum GPOs to address Azure ADE requirements and handle Azure recovery keys.

Thanks

Mark

azure-disk-encryption

@MichaelDubissette-8183
Thanks for your question. I am investigating this and will get back to you once I have more information to share.


1 Answer

MichaelDubissette-8183 answered

Thank you
