implementing-disk-encryption-with-bitlocker

Implements full disk encryption using Microsoft BitLocker on Windows endpoints to protect data at rest from unauthorized access in case of device loss or theft. Use when deploying encryption for compliance requirements, securing mobile workstations, or implementing data protection controls across the enterprise. Activates for requests involving BitLocker encryption, disk encryption, TPM configuration, or data-at-rest protection.

AI & Automation | 13,115 stars | 1533 forks | Updated today | Apache-2.0

Quality Score: 99/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Implementing Disk Encryption with BitLocker

## When to Use

Use this skill when:

- Encrypting Windows endpoints to protect data at rest for compliance (PCI DSS, HIPAA, GDPR)
- Deploying BitLocker across an enterprise fleet via Intune, SCCM, or GPO
- Configuring TPM-based encryption with a PIN or USB startup key for enhanced security
- Managing BitLocker recovery keys in Active Directory or Azure AD

**Do not use** this skill for Linux disk encryption (use LUKS/dm-crypt) or macOS (use FileVault).

## Prerequisites

- Windows 10/11 Pro, Enterprise, or Education edition
- TPM 2.0 chip (recommended; TPM 1.2 supported with limitations)
- UEFI firmware with Secure Boot enabled (recommended)
- Separate system partition (200 MB minimum, created automatically by Windows installer)
- Active Directory or Azure AD for recovery key escrow

## Workflow

### Step 1: Verify TPM and System Requirements

```powershell
# Run from an elevated PowerShell session.

# Check TPM status
Get-Tpm
# Output includes: ManufacturerId, ManufacturerVersion, TpmPresent, TpmReady, TpmEnabled

# Check TPM version (2.0 required for best compatibility)
# Get-CimInstance replaces the deprecated Get-WmiObject, which is not available in PowerShell 7+
(Get-CimInstance -Namespace "root\cimv2\security\microsofttpm" -ClassName Win32_Tpm).SpecVersion

# Check UEFI/Secure Boot
Confirm-SecureBootUEFI
# Returns True if Secure Boot is enabled

# Check BitLocker readiness
$vol = Get-BitLockerVolume -MountPoint "C:"
$vol.VolumeStatus      # Should be "FullyDecrypted"
$vol.ProtectionStatus  # Should be "Off"
```

### Step 2: Configure BitLocker GPO Settings

```
Computer Configuration → Adminis...
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

implementing-application-whitelisting-with-applocker

Implements application whitelisting using Windows AppLocker to restrict unauthorized software execution on endpoints, reducing attack surface from malware, unauthorized tools, and shadow IT. Use when enforcing application control policies, meeting compliance requirements for software restriction, or preventing execution of unsigned or untrusted binaries. Activates for requests involving AppLocker, application whitelisting, software restriction, or executable control.

13,115 Updated today
mukul975
AI & Automation Featured

implementing-endpoint-dlp-controls

Implements endpoint Data Loss Prevention (DLP) controls to detect and prevent sensitive data exfiltration through email, USB, cloud storage, and printing. Use when deploying DLP agents, creating content inspection policies, or preventing unauthorized data movement from endpoints. Activates for requests involving DLP, data exfiltration prevention, content inspection, or sensitive data protection on endpoints.

13,115 Updated today
mukul975
AI & Automation Featured

implementing-anti-ransomware-group-policy

Configures Windows Group Policy Objects (GPO) to prevent ransomware execution and limit its spread. Implements AppLocker rules, Software Restriction Policies, Controlled Folder Access, attack surface reduction rules, and network protection settings. Activates for requests involving Windows GPO hardening against ransomware, AppLocker configuration, Controlled Folder Access setup, or endpoint protection via Group Policy.

13,115 Updated today
mukul975
AI & Automation Featured

implementing-aes-encryption-for-data-at-rest

AES (Advanced Encryption Standard) is a symmetric block cipher standardized by NIST (FIPS 197) used to protect classified and sensitive data. This skill covers implementing AES-256 encryption in GCM m

13,115 Updated today
mukul975
AI & Automation Featured

configuring-windows-defender-advanced-settings

Configures Microsoft Defender for Endpoint (MDE) advanced protection settings including attack surface reduction rules, controlled folder access, network protection, and exploit protection. Use when hardening Windows endpoints beyond default Defender settings, deploying enterprise-grade endpoint protection, or meeting compliance requirements for advanced malware defense. Activates for requests involving Windows Defender configuration, ASR rules, MDE tuning, or Microsoft endpoint security.

13,115 Updated today
mukul975