logo
BitlockerDetails About Suspending and Resuming BitLocker

Details About Suspending and Resuming BitLocker

What is BitLocker suspend, and what are its application scenarios? How do you suspend and resume BitLocker protection? What happens when BitLocker is suspended? I look forward to your reply. Thank you in advance.

Benjamin Brown

Benjamin

Good questions. I will explain it in detail in this post.

BitLocker Suspend and Its Application Scenarios

BitLocker Suspend is a feature that temporarily disables encryption without decrypting the encrypted data. By using this feature, we can perform certain operations that might be recognized as tampering with the system by TPM, without the interruption of BitLocker, which can prevent potential issues that might arise from encryption.

Its applications scenarios include:

Updating system: When performing certain system updates, it's necessary to suspend BitLocker protection to prevent unexpected interruptions.

Updating BIOS/UEFI: Similarly, when updating BIOS/UEFI firmware, BitLocker protection should be suspended.

In the above situations, BitLocker protection may be suspended automatically to ensure the process is not interrupted by BitLocker.

Changing hardware: When changing hardware components such as the motherboard or hard drive, suspending BitLocker protection is necessary to avoid issues caused by BitLocker.

Other scenarios: Other situations may trigger BitLocker recovery mode.

How to Suspend and Resume BitLocker Protection

Note: This feature is only available on operating system drive.

Way 1: Through Control Panel

Step 1: Open the Control Panel.

Step 2: Navigate to Control Panel > System and Security > BitLocker Drive Encryption > Suspend protection.

suspend protection

Step 3: Click "Suspend protection" option, then click "Yes" button in the pop up window.

Step 4: A yellow warning sign will appear on the corresponding encrypted drive.

yellow warning icon after suspending

Step 5: If you want to resume manually, perform the same operations as above, then click "Resume protection" option to resume BitLocker protection.

Note: In this situation, the BitLocker protection will be resumed automatically the next time you restart your pc.

Way 2: Through PowerShell Commmand

Step 1: Right-click on Start menu and select Terminal(Admin) from the context menu.

Step 2: Type the following command to suspend the protection.

Suspend-BitLocker -MountPoint "C:" -RebootCount 0

// Replace the C with corresponding drive letter, and the "RebootCount 0" means the BitLocker suspend will last until you resume it manually.

Step 3: Once the operation is complete, running the following command to resume BitLocker protection manually.

Resume-BitLocker -MountPoint "C:"

Way 3: Through Command Prompt Command

Step 1: Open Command Prompt as administrator.

Step 2: Running the following command to suspend BitLocker protection.

Manage-bde –Protectors –Disable C: -RebootCount 0

Step 3: Running following command to resume BitLocker protection manually.

Manage-bde –Protectors -Enable C:

What Happens When BitLocker Is Suspended

When BitLocker is suspended, the data is still encrypted. The reason we can access data is that the BitLocker volume master key is encrypted with a clear key in this state. This makes the operating system bypass the encryption during operations, which prevents them from being disrupted by BitLocker. In this state, newly written data is still encrypted.

Conclusion

In summary, by suspending BitLocker protection, we can avoid interruptions caused by BitLocker when updating the system, upgrading firmware, or changing hardware. Furthermore, this feature saves time by avoiding the need to decrypt and re-encrypt the encrypted drive. Consider using this feature when you upgrade your devices with BitLocker protection.

People Also Ask

Why is BitLocker disabled after formatting the flash drive?

BitLocker only encrypts file system, instead of the physical hardware. It prevents others from stealing the contents of the files on the encrypted hard drive. When you format flash drive, as there’s no encrypted data to protect, of course the BitLocker is no longer required.

author Lydia

What is TPM and PIN and Startup key protection for BitLocker? How to set it?

Microsoft BitLocker does offer a variety of authentication mechanisms for us, and the mode you select, combining three of common modes, indeed provides the highest level of security.

author Lydia

Is It Necessary to Regularly Update the BitLocker Recovery Key?

Should I update the BitLocker recovery key regularly, or does it update automatically? If it doesn't update automatically, how can I update it manually?

Benjamin Benjamin

What Is BitLocker Recovery Key?

What is a BitLocker recovery key, and how can I use it? What is its main role in BitLocker drive encryption, and where can I find it? This post will explain everything you need to know.

Benjamin Benjamin