Skip to content
Supported migration paths

Migrate BitLocker key management

On Windows computers with SafeGuard Enterprise BitLocker, encrypted volumes remain encrypted when you uninstall the SafeGuard Enterprise client. You're only removing BitLocker management.

We recommend migrating recovery key management to another application before uninstalling the SafeGuard Enterprise Windows client.

You can do one of the following:

  • Migrate to Sophos Central Device Encryption (recommended). See Migrate from SafeGuard Enterprise BitLocker.
  • Migrate to a third-party BitLocker management application.
  • Store the recovery keys in Active Directory and manage them manually.
  • Turn off BitLocker.

If you decide not to migrate to Sophos Central Device Encryption, note that you can't bulk export recovery keys in SafeGuard Management Center. We recommend using the manage-bde -protectors Windows command to view the recovery keys or store them in Active Directory. See the Microsoft document manage-bde protectors.

For general information on BitLocker management, see the Microsoft document BitLocker Management for Enterprises.