|Manage full disk encryption / BitLocker Drive Encryption|
BitLocker Drive Encryption offers a range of authentication options, for boot volumes as well as for non-boot volumes.
The security officer can set the various logon modes in a policy in the SafeGuard Management Center and distribute it to the BitLocker endpoints.
The following logon modes exist for SafeGuard Enterprise BitLocker users:
TPM: The key for logon is stored on the TPM (Trusted Platform Module) chip.
TPM + PIN: The key for logon is stored on the TPM chip and a PIN is also required for logon.
TPM + Startup Key: The key for logon is stored on the TPM chip and on a USB memory stick. Both are needed for logon.
Password: The user will be required to enter a password.
Startup Key: The key for logon is stored on a USB memory stick.
Auto-Unlock: If the boot volume is encrypted, an external key is created and stored on the boot volume. The non-boot volume(s) will then be encrypted automatically. They will be unlocked automatically using the auto-unlock functionality provided by BitLocker.
For more information on setting logon modes in a policy, please see Authentication.