Windows device encryption via BitLocker
Device encryption on Windows computers is provided via a program called BitLocker. BitLocker fully encrypts the entire hard disk, including the operating system.
All Windows computers that are registered to connect to the Trinity College data network are automatically encrypted as part of the network onboarding process.
Once BitLocker is enabled on your Windows device, your login experience will not change. You will continue to log in as normal unless you are using an older laptop/desktop, which will require a pre-boot password.
Accessing encryption recovery keys
In certain scenarios you may need to access the encryption recovery key for the device.
Depending on how your device is managed, encryption recovery keys are accessible in one of two ways.
- If your device encryption is managed via Trellix, then you should contact the IT Service Desk to access the recovery key.
- If your device encryption is managed via Microsoft Intune, then your recovery key will be available by contacting the IT Service Desk or via your online Microsoft 365 account. To access the recovery key via your Microsoft 365 account:
  - Sign in to portal.manage.microsoft.com using your Trinity email address and password
  - Go to Devices and select the Windows device that is encrypted with BitLocker
  - Select Get recovery key followed by Show recovery key
  - You can then copy your recovery key from the screen
For a device whose encryption is managed via Trellix, IT Services may not be able to retrieve the encryption recovery key if the computer does not check in to our systems for over 8 months.
Computers that are not being actively used but which may be used again in future should be logged into at least once per month to ensure they are kept active on our systems and are up to date with operating system and anti-virus updates.
Leaving Trinity and Uninstalling BitLocker
If the encrypted device is your own personal computer and you are planning to take that computer with you when you leave Trinity, then you should contact the IT Service Desk so that the encryption can be removed.
If the encrypted device is a Trinity-owned computer and will be handed back to your department once you leave, then the encryption does not need to be removed.
BitLocker Pre-Boot Password
Staff that are currently using laptops/desktops purchased before 2018 may be required to set up and use a pre-boot password.
1. When IT Services enable encryption on your device, you will receive a prompt to create your pre-boot password.
   Important: Once this password is created it will remain unchanged unless you manually update it. It will not be synced with your normal Windows password.
2. Next time you start your computer, you will be presented with a screen where you will have to enter the password you created in step 1.
Backing up your data
Please note that encrypting a device does not back up your data. All users are still responsible for backing up the data on the computers they use.
OneDrive can be used for personal backup and SharePoint for any departmental files.
Further help
If you have further queries regarding this service, please see the FAQ page. If you still require assistance, please contact the IT Service Desk.