Flexible Security For Your Peace of Mind
  • Pricing
  • Specops Software Blog
  • About
    • Company
    • Partners
    • Careers
    • News
  • English
  • Deutsch
  • Français
  • English
site logo
  • Products
      • Password Policy
        • red-cross@2x-150×150-1Block weak passwords
        • teal-check@2x-150×150-1Create compliant password policies
        • entropy@2x-150×150-1Target password entropy
      • Password Reset
        • mfa password iconMulti-factor identity verification
        • Enrollment-enforcement-150×150-1Password reset for remote users
        • Enrollment-enforcemnt-150×150-1Experience uReset Tool
      • Key Recovery
        • service-key-150×150-1Self-service for BitLocker
        • key-recovery-150×150-1Self-service for Symantec Endpoint Encryption
        • mfa-pre-enrollment-150×150-1MFA with pre‑enrollment
      • Secure Service Desk
        • icon-verify-user-identity-150×150-1Verify user identity
        • shield with crossEnforce user authentication
        • icon-unlock-accounts-150×150-1Unlock accounts and reset passwords
      • Freeware
        • password-auditor-icon-150×150-1Password Auditor
        • password-notification-icon-150×150-1Password Notification
        • gpupdate-icon-150×150-1Gpupdate
      • Other
        • password-sync-icon-150×150-1Password Sync
        • ad-janitor-icon-150×150-1Active Directory Janitor
        • lifecycle-management-icon-150×150-1Deployment
  • Resources
    • Datasheets
    • Videos
    • Whitepapers
    • Case Studies
    • Reviews
  • Support
  • Contact Us
  • Pricing
  • Specops Software Blog
  • About
    • Company
    • Partners
    • Careers
    • News
  • English
    • Facebook
    • Twitter
    • Youtube
    • Linkedin
    • Instagram
    ×
  • Select language
  • Deutsch
  • Français
  • English
Datasheets

Specops Key Recovery Datasheet

Download PDF

Do you want users to unlock their computers without calling the helpdesk?

Contact Us

Specops Key Recovery is a self-service solution for unlocking computers encrypted by Microsoft BitLocker and Symantec Endpoint Encryption. A user who is locked out at the pre-boot authentication screen can use Specops Key Recovery to unlock their computer, without calling the helpdesk. For added security, users are verified with multi-factor authentication. The solution supports a number of authentication factors, including Duo Security, Symantec VIP, Okta, PingID and YubiKey.

To protect corporate data and address regulatory requirements, organizations are increasingly turning to endpoint encryption solutions. Encryption at the hardware level of a storage device, commonly referred to as full-disk encryption (FDE), protects confidential information from unauthorized access.

FDE solutions, such as BitLocker and Symantec Endpoint Encryption, create a pre-boot authentication environment that require a secret key when the computer is started, or when a lockout is triggered. Without a self-service recovery solution, FDE will drive calls to the helpdesk.

Features

BitLocker Alone BitLocker with Specops Symantec Endpoint Encryption Alone Symantec Endpoint Encryption with Specops
Self-service key recovery Yes (MBAM integrated with SCCM) Yes Yes Yes
Remote self-service key recovery No Yes No Yes
Multi-factor authentication No Yes (20+ identity providers) No (security questions) Yes (20+ identity providers)
Integration with self-service password reset No Yes, with Specops uReset No Yes, with Specops uReset

How does it work?

You can configure Specops Key Recovery by installing the Gatekeeper component in your organization’s corporate network. The Gatekeeper will access Symantec Endpoint Encryption and/or BitLocker to relay recovery keys for end users. The recovery key is encrypted inside the corporate network, and decrypted once it reaches the user’s device. Specops Key Recovery does not access sensitive resources from Symantec Endpoint Encryption, or BitLocker.

When a user attempts a self-driven key recovery, Specops Key Recovery will prompt the user to authenticate with the identity service(s) from their enrollment. The enrollment data is stored on a sub-object of their user account in the on-premises Active Directory.

What does it look like?

Specops Key Recovery enhances security by extending multi-factor authentication to self-service key recovery. There are 20+ identity services available to ensure that you can select the best options for your users. However, since not all identity services are equally secure, administrators can assign each identity service a trust value, based on their perceived level of security. The trust assignment is managed via stars, as shown in the administrator view to the right.

What does it look like for end users?

After verifying their identity via the methods configured by their administrator, the end user can follow the steps on screen to finish the recovery key process, as shown on the right. The end-user friendly instruction found within Specops Key Recovery helps minimize encryption lockout calls to the service desk.

Why customers choose Specops


Really great product
 “Overall, I think that Specops Key Recovery is a really great product that will go a long way toward helping organizations prevent BitLocker-related data loss.”
     – Brien Posey, Microsoft MVP, Techgenix review

Really impressed with the management portal and support

“I was impressed with Specops Key Recovery for BitLocker, the management portal, and the support I received.”
     – Robert Pearman, Microsoft MVP, 4sysops review

Get a Demo of Specops Key Recovery

Interested to see how Specops Key Recovery can work in your organization? Click here to start a demo or trial today.

  • Products
  • Resources
  • Support
  • Specops Software Blog
  • About
  • Contact Us
  • Twitter
  • Youtube
  • Linkedin
  • Instagram

© 2023 Specops Software. All rights reserved.

  • Privacy and Data Policy

This website uses cookies to ensure you get the best experience on our website. Learn more

Got It!