Rotate BitLocker recovery passwords, delete used keys from Active Directory
6 mai 2024 à 17:47
For security reasons, it makes sense to replace the recovery password used to unlock an encrypted drive each time with a new one. This new password will be automatically stored in Active Directory with the appropriate BitLocker configuration. However, the old keys remain in the AD and can be deleted.