
Bitlocker Keys Readable [CHK-1149]

This check verifies whether regular (non-administrator) users can read the BitLocker keys used for hard drive encryption.

Rationale
BitLocker keys that are readable by regular users can be used by an attacker who already has access to the device and to a user account on it: with the key they can decrypt the hard drive and elevate their rights on the machine.

Fix
An automated fix is available through Attic.

Manual steps:

  1. Navigate to Entra ID portal at https://entra.microsoft.com
  2. Go to Devices > Device settings
  3. Under "BitLocker", set "Restrict non-admin users from recovering the BitLocker key(s) for their owned device" to "Yes"
  4. Click "Save"
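Whether the setting is actually in effect can be confirmed from a regular user's account with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original page or of Attic; it assumes the Microsoft.Graph module is installed, that the account owns at least one device with an escrowed key, and that the BitLockerKey.ReadBasic.All and BitLockerKey.Read.All delegated scopes have been consented.

```powershell
# Added example: confirm "Restrict non-admin users from recovering the
# BitLocker key(s)" is effective, run from a regular (non-admin) user account.
# Assumes: Microsoft.Graph SDK installed, delegated BitLockerKey scopes consented.
Import-Module Microsoft.Graph.Authentication

function Test-OwnDeviceBitLockerKeyReadable {
    # Returns $true if the signed-in user can read the recovery key of a device
    # they own (restriction NOT applied), $false if Graph withholds the key.
    $graph = 'https://graph.microsoft.com/v1.0'

    # Devices the signed-in user owns; only the Entra deviceId is needed.
    $owned = Invoke-MgGraphRequest -Method GET -Uri "$graph/me/ownedDevices"
    $deviceId = ($owned.value | Where-Object { $_.deviceId })[0].deviceId
    if (-not $deviceId) { throw 'The signed-in user owns no registered device.' }

    # Key metadata (id, volumeType, createdDateTime) is listable with ReadBasic;
    # the key value itself is only returned when explicitly selected below.
    $keys = Invoke-MgGraphRequest -Method GET `
        -Uri "$graph/informationProtection/bitlocker/recoveryKeys?`$filter=deviceId eq '$deviceId'"
    if (-not $keys.value) { throw "No BitLocker keys escrowed for device $deviceId." }
    $keyId = $keys.value[0].id

    try {
        $detail = Invoke-MgGraphRequest -Method GET `
            -Uri "$graph/informationProtection/bitlocker/recoveryKeys/$keyId?`$select=key"
        # Never echo the recovery key; only report whether it was obtainable.
        return [bool]$detail.key
    } catch {
        # A 403 means the tenant restriction blocked the read: that is a PASS.
        if ($_.Exception.Message -match '403|Forbidden') { return $false }
        throw   # any other error (network, consent) is not a verdict
    }
}

Connect-MgGraph -Scopes 'BitLockerKey.ReadBasic.All', 'BitLockerKey.Read.All' -NoWelcome
if (Test-OwnDeviceBitLockerKeyReadable) {
    Write-Warning 'CHK-1149 FAIL: a non-admin user can read the BitLocker key of their own device.'
} else {
    Write-Host 'CHK-1149 PASS: the BitLocker key was withheld from a non-admin user.'
}
```

Run it once before and once after applying the fix; the verdict should change from FAIL to PASS.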

Impact
After the fix, regular users can no longer view the BitLocker key for their own device, which removes the key as a path for an attacker who has obtained a user account and device access.

More Information
For additional details, refer to the Microsoft BitLocker documentation.