Why is BitLocker decrypting my drive after installing MDM?

Last updated: March 31, 2025

Context

After installing Mobile Device Management (MDM) on a system that already has BitLocker encryption enabled, users may notice that their drive begins to decrypt automatically.

Answer

This behavior is normal and expected. When MDM is installed on a system that already has BitLocker encryption, the system needs to temporarily decrypt the drive to re-encrypt it with a new key that will be stored in the MDM's key escrow system.

Important: Do not interrupt or shut down your computer during the decryption/re-encryption process, as this could lead to data corruption.

The process will:

  1. Automatically decrypt the existing BitLocker encryption

  2. Generate new encryption keys that will be stored in the MDM system

  3. Re-encrypt the drive with the new keys

This process ensures that your IT department has access to recovery keys through the MDM system, which is essential for enterprise management and recovery scenarios.
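To follow the cycle described above and confirm which recovery key should appear in the MDM record, the script below is an added example (not part of the original article or of any MDM product). It uses the built-in `Get-BitLockerVolume` cmdlet from an elevated PowerShell prompt; the parameter names and the `Get-RekeyPhase` helper are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: watch the decrypt / re-encrypt cycle on one volume.
param(
    [string]$MountPoint  = $env:SystemDrive,  # assumption: the OS volume is the one being re-keyed
    [int]   $PollSeconds = 60                 # assumption: one-minute polling is frequent enough
)

# Hypothetical helper: map BitLocker's volume status onto the steps listed above.
function Get-RekeyPhase {
    param($Volume)
    switch ([string]$Volume.VolumeStatus) {
        'DecryptionInProgress' { 'step 1: decrypting the existing BitLocker encryption' }
        'FullyDecrypted'       { 'between steps: decrypted, re-encryption not started yet' }
        'EncryptionInProgress' { 'step 3: re-encrypting with the new keys' }
        'FullyEncrypted'       { 'fully encrypted' }
        default                { "other state: $($Volume.VolumeStatus)" }
    }
}

do {
    $vol  = Get-BitLockerVolume -MountPoint $MountPoint
    $done = ($vol.VolumeStatus -eq 'FullyEncrypted') -and ($vol.ProtectionStatus -eq 'On')
    '{0:HH:mm:ss}  {1}  {2}% encrypted, protection {3}  ({4})' -f (Get-Date), $MountPoint,
        $vol.EncryptionPercentage, $vol.ProtectionStatus, (Get-RekeyPhase $vol)
    if (-not $done) { Start-Sleep -Seconds $PollSeconds }
} until ($done)

# Print only the protector ID, never the 48-digit recovery password itself.
$ids = @($vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    ForEach-Object { $_.KeyProtectorId })

if ($ids.Count -eq 0) {
    Write-Warning "No recovery password protector found on $MountPoint."
} else {
    "Recovery password protector ID(s) to compare with the MDM record: $($ids -join ', ')"
}
```

If the first poll already reports the drive as fully encrypted with protection on, the cycle has either not started yet or has already finished; the protector ID printed at the end tells the two apart once it is compared with the key held in the MDM system.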