- It is integrated with the hardware, via use of TPM
- It is also integrated with the Windows operating system and thus:
- It is free!
Protects employee and enterprise data in case of loss of a laptop. Fills in part of an enterprise-wide security strategy.
Remote management (e.g., enable/disable, reset, etc.) of PIN codes and recovery keys would be a nice feature.
I've used this solution for more than five years.
No, very few issues.
No, it is a very light feature towards infrastructure requirements. Having an AD infrastructure is sufficient.
Engineering and testing took about 10 days and was medium level complexity.
It is free.
No. Other options would introduce a licensing cost, extra infrastructure, and operational procedures, so in general, more costly.
It is enhanced in Windows 10, supports PIN self-service and better encryption methods.
Start experimenting in the lab to understand the hardware integration (TPM), encryption methods and (optional) PIN management.
Fix your solution before rolling out, because changing parameters (like encryption) on computers where BitLocker is active is a heavy process in terms of time (decrypt/change/encrypt, etc.).