Description
- Type: CUSTOMER
- Severity: WARNING
- Protection against: HACKING
- FIX Available: YES
This Customer Check verifies whether regular users can read the BitLocker keys.
Why this check?
BitLocker is used to encrypt the hard drives of laptops. The purpose is to ensure that the data on a laptop's hard drive is unusable to an attacker, for example in case of loss or theft.
Normally, any user can read their own BitLocker key via myaccount.microsoft.com. However, this means that an attacker with access to the device AND the account of an employee can easily undo the encryption. Therefore, we advise blocking access to BitLocker keys for 'regular' users.
In case of disruptions, administrators are still able to view the BitLocker key.
What are the possible outcomes of the check?
This check has two possible outcomes. In Attic, this is reflected as follows:
- Okay: users CANNOT read the BitLocker keys
- Warning: users CAN read the BitLocker keys; action from the customer is required
How should this be followed up?
If the check results in an output of Warning, we advise making BitLocker keys unreadable for normal users.
A Fix is available for this check, which we will offer through Attic.
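For administrators who want to verify or change the setting by hand, the following is an added example and not Attic's own check or Fix. It assumes the tenant stores device keys in Microsoft Entra ID, that the Microsoft.Graph.Authentication PowerShell module is installed, and that the relevant setting is the authorization policy property allowedToReadBitlockerKeysForOwnedDevice; the -Fix switch is a hypothetical name chosen for this script.

```powershell
# Added example (not Attic's code): report and optionally change whether
# regular users can read the BitLocker keys of devices they own.
param(
    [switch]$Fix   # hypothetical switch: also block self-service key reads
)

$uri = 'https://graph.microsoft.com/v1.0/policies/authorizationPolicy'

# Reading needs Policy.Read.All; changing needs Policy.ReadWrite.Authorization.
$scopes = if ($Fix) { 'Policy.ReadWrite.Authorization' } else { 'Policy.Read.All' }
Connect-MgGraph -Scopes $scopes | Out-Null

function Get-BitLockerSelfServiceRead {
    # Returns $true when regular users can read keys for their own devices.
    $policy = Invoke-MgGraphRequest -Method GET -Uri $uri
    $value  = $policy.defaultUserRolePermissions.allowedToReadBitlockerKeysForOwnedDevice
    if ($null -eq $value) {
        # Do not guess: an absent property means the state is unknown.
        throw 'allowedToReadBitlockerKeysForOwnedDevice not present in the response.'
    }
    return [bool]$value
}

$canRead = Get-BitLockerSelfServiceRead

if ($canRead -and $Fix) {
    # Only the one property is sent, so other default user permissions are untouched.
    $body = @{
        defaultUserRolePermissions = @{
            allowedToReadBitlockerKeysForOwnedDevice = $false
        }
    } | ConvertTo-Json
    Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body -ContentType 'application/json'

    # Re-read the policy so the reported outcome reflects the tenant, not the request.
    $canRead = Get-BitLockerSelfServiceRead
}

if ($canRead) {
    Write-Output 'Warning: users CAN read the BitLocker keys'
} else {
    Write-Output 'Okay: users CANNOT read the BitLocker keys'
}
```

Run it without -Fix first to see the current state; the change only affects regular users' self-service access to keys for their own devices.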