https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bitlocker-recovery-keys-not-present/m-p/371490#M422 <P>Hi Dfalcon,</P><P>&nbsp;</P><P>Is there a tool or some some log which can show, what prerequisites are not met? I have some PC's I think are compliant, but the <SPAN class="header-context-info"><SPAN class="grid-header-name-text ng-star-inserted">Disk Encryption Visibility</SPAN></SPAN> portal doesn't share my opinion. And I don't know what is the problem.</P> Wed, 09 Dec 2020 13:29:46 GMT gbagita 2020-12-09T13:29:46Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bitlocker-recovery-keys-not-present/m-p/343002#M234 <P>Hello,</P><P>I wanted to check if someone can shed some light on this issue I had.</P><P>&nbsp;</P><P>During a Cortex XDR PoC, the end user activated the Disk encryption policy on a couple of workstations without confirming the pre-requisities so these workstations encrypted the HDD (C:) and after the first reboot started asking for the bitlocker recovery key.</P><P>&nbsp;</P><P>Now, the issue is that the key is not present on Active Directory and the user said that it got no other prompt to save the key on the endpoint. My question is that if XDR activated the bitlocker policy and if it was not able to save the recovery key, should it encrypt anyway? I now have a couple of workstations that have their disks encrypted and no way to rollback or unlock them.</P><P>&nbsp;</P><P>Thanks in advance for any tips/help/comments.</P> Mon, 10 Aug 2020 11:08:06 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bitlocker-recovery-keys-not-present/m-p/343002#M234 Bruno_Alipio 2020-08-10T11:08:06Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bitlocker-recovery-keys-not-present/m-p/343184#M237 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/43238">@Bruno_Alipio</a>&nbsp;-</P><P>&nbsp;</P><P>There are several pre-reqs that must be checked off before enabling an encryption policy.&nbsp; They can be found here:&nbsp;&nbsp;<A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/hardened-endpoint-security/disk-encryption-using-bitlocker.html" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/hardened-endpoint-security/disk-encryption-using-bitlocker.html</A></P><P>&nbsp;</P><P>Since you are having issues with decryption, it is best to contact Support for assistance.&nbsp;&nbsp;</P> Tue, 11 Aug 2020 01:58:33 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bitlocker-recovery-keys-not-present/m-p/343184#M237 dfalcon 2020-08-11T01:58:33Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bitlocker-recovery-keys-not-present/m-p/343223#M238 Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/47142">@dfalcon</a>, thanks for the feedback, I opened a case in support but unfortunately they where not able to help. I'm just trying to figure out the standard behavior if the prerequisites are not met. If the bitlocker process cant save the recovery keys to the AD, should it present a GUI to the user asking for USB/print/local file? Is there anyway that the XDR agent is enabling the bitlocker and asking for a silent process? Tue, 11 Aug 2020 08:52:45 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bitlocker-recovery-keys-not-present/m-p/343223#M238 Bruno_Alipio 2020-08-11T08:52:45Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bitlocker-recovery-keys-not-present/m-p/371490#M422 <P>Hi Dfalcon,</P><P>&nbsp;</P><P>Is there a tool or some some log which can show, what prerequisites are not met? I have some PC's I think are compliant, but the <SPAN class="header-context-info"><SPAN class="grid-header-name-text ng-star-inserted">Disk Encryption Visibility</SPAN></SPAN> portal doesn't share my opinion. And I don't know what is the problem.</P> Wed, 09 Dec 2020 13:29:46 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bitlocker-recovery-keys-not-present/m-p/371490#M422 gbagita 2020-12-09T13:29:46Z