With Sophos Device Encryption, after installing drive encryption, every time you boot into Windows, you will always be asked to enter the previously configured Bitlocker password. If for some reason the user forgets this Bitlocker password, the admin can still let the user change the new password with the Recovery key.
This article will show you how to get Recovery Keys for users to log into the machine and change the Bitlocker password with Sophos Central Device Encryptions.
Step 1: Get the Recovery Key ID.
On the machine where the user forgot the Bitlocker password, press “ESC” on the keyboard to enter the Bitlocker Recovery section.
In Bitlocker Recovery. You just need to find the Recovery Key ID section with the ID as below.
Step 2: Retrieve Recovery key.
Login Sophos Central Admin > Encryption
There are 2 ways you can get the Recovery Key:
Option 1: Unable to identify the device
If you do not know which machine to change the Bitlocker password, because the number of machines is too large or the user does not remember the information. You can search with your existing Recovery ID.
On the Encryption Dashboard > select Get a recovery key.
Or from the Encrytion Dashboard > Computer > select Retrieve Recovery key.
Option 2: Identify the device
If you already have information about the user and device name to change the bitlocker password, you can select the device name in the Computer section, scroll down and select Retrieve Recovery key.
Ex: Computer named VM10-John-Test-11.
When the Retrieve Recovery Key table appears, enter the Recovery Key ID obtained in step 1, you only need to enter the first 5 characters, Sophos will automatically match with the existing ID.
Choose Show Key.
You just need to copy the Recovery Key for the logged in user.
On user machine, enter this Recovery Key and press Enter to be able to login to the machine.
Step 3: Change Bitlocker password.
After you have successfully logged into the machine, wait for a while the Sophos Device Encryption panel will appear asking you to enter a new Bitlocker Password. After entering, click Save new Password. The next time you log in, you will enter this new password.