BitLocker will only prompt for a recovery key if it detects the device that the hard drive is in has changed. It's inconspicuous in day-to-day use (and it has nothing to do with being connected to the Internet or in Modern Standby mode).

The purpose is to protect the data when the drive is removed and put into another machine to be read. If someone steals your entire machine and knows the local login credentials, well you're on your own. If that's your fear maybe enable two-factor authentication (e.g. Windows Hello and a PIN).

Eric

On Wed, Jun 27, 2018 at 11:53 AM, Ken Dibble krdibble@stny.rr.com wrote:

Perhaps someone here can answer this question.

I have a Windows 10 Pro laptop. It is part of an Azure AD domain, in which InTune is being used for a variety of management functions. It is supposed to have Bitlocker full disk encryption enabled, and the Bitlocker key is stored in InTune.

I do not connect any cables to this laptop. I simply turn it on. I do not manually connect it to any wireless internet source. The machine displays a standard Windows 10 login screen. Having local admin credentials, I log in and get full access to the machine.

What is wrong with this picture?

As I understand Win 10 Bitlocker disk encryption, I don't need to supply pre-boot credentials if the computer can see the internet, or if the machine has "Modern Standby" enabled. I understand the latter to mean that the laptop has never been fully turned off since somebody unlocked the encryption.

If I am correct, since I did not connect the laptop to any internet source, yet I still am able to get into the machine using only the local admin credentials, if Bitlocker full-disk encryption is actually implemented, then the machine must be in "Modern Standby".

I don't use Windows 10 but to me this situation is analogous to having set up full disk encryption on a Win 7 box, submitted a PIN to get to the login screen, and then closed the lid to force hibernation mode. If I open the lid I don't need to put in the pre-boot PIN again but I have to log into Windows.

As I see it, if somebody steals this laptop as well as the local admin credentials, the alleged Bitlocker "full disk encryption" will do absolutely nothing to prevent the thief from gaining full control of the machine.

Is this correct, or am I, as is often the case, missing some crucial piece of information.

Thanks for any help.

Ken Dibble www.stic-cil.org

[excessive quoting removed by server]