Question: Why is BitLocker usually used without a PIN?

Rodion15

I really don't understand the advantage of using BitLocker with TPM without a PIN (so that Windows starts and automatically goes to the login screen, without prompting for a PIN); most company users I know do that, and even Microsoft 365 and Intune encourage it. The only benefit I can see is a fairly minor one: if someone steals the computer and, rather than simply turning it on and using a known workaround to enable the built-in administrator account, they instead open the device, remove the drive, and attempt to read it in another computer. In that case, they wouldn't be able to access the data. But realistically, no attacker is likely to take that approach, since most would know how to do something as basic as enabling the built-in administrator account.

Any opinions much appreciated 😉
 
My opinion:
  • Microsoft set this up as the default. It's also a setup in which the user is less likely to lose access to their computer right away because they forgot the BitLocker PIN.
  • The company may change the default admin password right away, making this less imperative.
All in all, though, BitLocker without a PIN is an SSD/HDD-level protection only. If you can boot to the login screen, government/mafia tools like Cellebrite will most likely be able to get around the login screen.
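The distinction both posts turn on is which key protectors an OS volume carries: a bare "Tpm" protector releases the volume key as soon as the measured boot chain checks out, so the machine reaches the logon screen with the disk already unlocked, whereas a "TpmPin" protector withholds it until the user proves presence at boot. The following PowerShell is an added example, not code from the thread or from Microsoft; it uses the built-in BitLocker module (Get-BitLockerVolume, Add-BitLockerKeyProtector, Remove-BitLockerKeyProtector) from an elevated session to report which volumes auto-unlock on TPM alone, and shows the protector swap needed to move to TPM+PIN. The $ApplyChange switch and the Get-BitLockerPreBootPosture function name are this example's own.

```powershell
# Added audit example (not from the original thread). Assumes the built-in
# BitLocker PowerShell module and an elevated session on a Windows client.

function Get-BitLockerPreBootPosture {
    # Protector types that demand something beyond the TPM before the OS boots.
    $preBootTypes = @('TpmPin', 'TpmPinStartupKey', 'TpmStartupKey')

    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasTpmOnly  = $types -contains 'Tpm'
        $hasPreBoot  = @($types | Where-Object { $preBootTypes -contains $_ }).Count -gt 0
        $hasRecovery = $types -contains 'RecoveryPassword'

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ', ')
            # The configuration discussed in the thread: the OS volume unlocks
            # on TPM alone, so the disk is protected only if it is pulled from
            # the machine, not once the machine has booted to the logon screen.
            AutoUnlocksOnTpm = ($vol.VolumeType -eq 'OperatingSystem' -and $hasTpmOnly -and -not $hasPreBoot)
            HasRecoveryKey   = $hasRecovery
        }
    }
}

Get-BitLockerPreBootPosture | Format-Table -AutoSize

# Moving C: from TPM-only to TPM+PIN: add the TpmAndPin protector first, then
# remove the bare Tpm protector (otherwise the volume still auto-unlocks).
# The policy "Require additional authentication at startup"
# (HKLM\SOFTWARE\Policies\Microsoft\FVE: UseAdvancedStartup=1, UseTPMPIN set
# to allow or require) must permit a PIN, or Add-BitLockerKeyProtector refuses.
# Confirm a RecoveryPassword protector is escrowed before touching protectors.
$ApplyChange = $false   # set to $true to actually change C:
if ($ApplyChange) {
    $pin = Read-Host -Prompt 'Enter a startup PIN' -AsSecureString
    Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin $pin | Out-Null

    $tpmOnly = (Get-BitLockerVolume -MountPoint 'C:').KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'Tpm' }
    foreach ($p in $tpmOnly) {
        Remove-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $p.KeyProtectorId | Out-Null
    }
}
```

Run the audit part first on a fleet (it only reads state); a row with AutoUnlocksOnTpm = True is a machine in the TPM-only posture the question describes. The change section is deliberately gated behind $ApplyChange because swapping protectors without an escrowed recovery password is how the "user loses access" failure mode in the reply actually happens.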