Add Suspend BitLocker protection to Context Menu in Windows 11 – Windows Blog by Brink

Add Suspend BitLocker protection to Context Menu in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

You can use BitLocker to encrypt the operating system drive (Windows drive), fixed data drives (internal hard drives), and removable data drives (external hard drive or USB flash drive).

You can temporarily suspend BitLocker protection (pause) whenever you like for an unlocked drive encrypted by BitLocker—for example, if you need to install new software that BitLocker might otherwise block—and then resume BitLocker protection on the drive again when you’re ready.

Suspend keeps the data encrypted but encrypts the BitLocker volume master key with a clear key. The clear key is a cryptographic key stored unencrypted and unprotected on the disk drive. By storing this key unencrypted, the Suspend option allows for changes or upgrades to the computer without the time and cost of decrypting and re-encrypting the entire drive. After the changes are made and BitLocker is again enabled, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade, the volume master key is changed, the protectors are updated to match and the clear key is erased.

When you suspend BitLocker protection for an OS drive, it will remain unlocked and unprotected until you either manually resume BitLocker protection for the drive, or have it resume BitLocker protection automatically the next time you restart the PC.

When you suspend BitLocker protection for a fixed data drive, it will remain unlocked and unprotected until you manually resume BitLocker protection for the drive. This is even after you restart the PC.

When you suspend BitLocker protection for a removable data drive, it will remain unlocked and unprotected until you manually resume BitLocker protection for the drive. This is even after you restart the PC, or disconnect and reconnect the drive.

This tutorial will show you how to add Suspend BitLocker protection to the context menu of all unlocked drives encrypted by BitLocker for all users in Windows 10 and Windows 11.

Read more…