We are currently looking into setting up GPO for Windows Updates, as the feature updates require multiple reboots, every reboot will require the enter of the Bitlocker PIN.
Is there a way to suspend Bitlocker so this can happen? Not sure if it can be link to our GPO?
Kind regards, Dan
I'd also add Dan - 1803 onwards is 100% BL aware. Link here for more details...
Note this DOES need the correct config though - like secure boot enabled?
Yes all of ours are Secure Boot enabled, but is that using Windows Bitlocker and not Bitlocker through SSG?
I'm not sure how you intend to roll out the update (and from what from to versions) but it's just an additional command/string on setup? Yes this would be Windows Bitlocker management - but its the same thing. There is no Sophos SafeGuard Bitlocker as such.
OK thanks, sorry I got confused, so our Windows Updates are going to be rolled out via Group Policy every Tuesday which is Microsoft's "Patch Tuesday", the feature updates we are going to delay a month, so assuming they are Secure Boot enabled, and are on 1803 onwards, they should automatically suspend without and new policies added on SSG?
Is the auto suspend for BitLocker just on features updates? Or can it be done on normal updates?