Why should I use Active Directory for backup of BitLocker Drive Encryption recovery information?

Backing up recovery passwords for a Windows BitLocker Drive Encryption–protected disk volume allows administrators to recover the volume if it becomes locked. This ensures that the encrypted data on the volume is always accessible to the user and the organization.

Backing up the Trusted Platform Module (TPM) owner information for a computer allows administrators to locally and remotely configure the TPM security hardware on that computer.

Active Directory provides a central repository for information crucial to the operation of your network, and this can include recovery passwords for BitLocker-enabled drives in computers that are part of your Active Directory domain (or forest).

Access to objects in Active Directory is restricted by access control lists (ACLs) and can be audited.

In addition, you can use Group Policy to configure BitLocker so that recovery information is automatically saved to Active Directory.
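Once Group Policy is saving recovery information, it is worth confirming that every computer account actually holds a backup. The following PowerShell function is an added example, not part of the original topic: it counts the `msFVE-RecoveryInformation` child objects under each computer account and never requests the recovery password attribute itself. It assumes the ActiveDirectory module (RSAT) is installed and that the caller has been granted read access to those objects; the function name and the search base in the sample call are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: report which computer accounts hold BitLocker recovery objects.
# Assumption: the caller's account is permitted by ACL to read
# msFVE-RecoveryInformation objects. Without that right the objects are not
# returned, and the computer is reported as not escrowed.

function Get-BitLockerEscrowCoverage {
    [CmdletBinding()]
    param(
        # Distinguished name of the OU or domain to audit.
        [Parameter(Mandatory)]
        [string]$SearchBase
    )

    Get-ADComputer -Filter * -SearchBase $SearchBase | ForEach-Object {
        # Recovery information is stored as child objects of the computer account.
        # Only whenCreated is requested; the recovery password is never read.
        $recovery = @(Get-ADObject -SearchBase $_.DistinguishedName `
            -SearchScope OneLevel `
            -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
            -Properties whenCreated)

        $newest = $recovery |
            Sort-Object whenCreated -Descending |
            Select-Object -First 1

        [pscustomobject]@{
            Computer        = $_.Name
            RecoveryObjects = $recovery.Count
            NewestBackup    = if ($newest) { $newest.whenCreated } else { $null }
            Escrowed        = $recovery.Count -gt 0
        }
    }
}

# Sample call with a constructed DN (hypothetical domain); lists machines
# that have no recovery object in Active Directory:
# Get-BitLockerEscrowCoverage -SearchBase 'OU=Workstations,DC=example,DC=com' |
#     Where-Object { -not $_.Escrowed }
```

A computer listed with `Escrowed = False` either has never backed up a recovery password or the auditing account cannot read the object, so check the ACLs before concluding that the backup is missing.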

For more information, see How do I use Active Directory for backup of BitLocker Drive Encryption recovery information?
