Enabling DEP on machines with BitLocker triggers BitLocker recovery key prompt

Just a heads up to the community:

Yesterday we enabled the security configuration "Data Execution Prevention is not enabled". The problem is that most of our machines had BitLocker enabled on the OS drive, protected by TPM.

Enabling or disabling DEP means the BCD (Boot Configuration Database) is modified, which leads to the user being asked for the BitLocker recovery key on the next reboot.

Of course this caused a little nightmare for our support team.
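
One way to roll out the DEP change described above without the recovery prompt, as an added example that is not part of the original post: suspend BitLocker protection for a single reboot before touching the BCD. The `$NxPolicy` parameter and the choice to change only the `{current}` boot entry are assumptions; use whatever value your baseline requires.

```powershell
# Added example, not from the original post. Run from an elevated session.
# Assumption: $NxPolicy is the DEP policy your security baseline asks for.
param(
    [Parameter(Mandatory)]
    [ValidateSet('OptIn', 'OptOut', 'AlwaysOn', 'AlwaysOff')]
    [string]$NxPolicy
)

$ErrorActionPreference = 'Stop'
$mount = $env:SystemDrive

# Read the current nx value so the BCD is only modified when it has to be.
$current = (bcdedit /enum '{current}' | Select-String -Pattern '^nx\s+(\S+)').Matches |
    ForEach-Object { $_.Groups[1].Value }
if ($current -eq $NxPolicy) {
    Write-Output "nx is already $NxPolicy; BCD left unchanged."
    return
}

$vol = Get-BitLockerVolume -MountPoint $mount
$protected = $vol.ProtectionStatus -eq 'On'

if ($protected) {
    # Stop if nobody could unlock the drive should the prompt still appear.
    $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $recovery) {
        throw "No recovery password protector on $mount; add and escrow one first."
    }
    # Suspend for exactly one reboot; protection resumes by itself afterwards.
    Suspend-BitLocker -MountPoint $mount -RebootCount 1 | Out-Null
}

bcdedit /set '{current}' nx $NxPolicy
if ($LASTEXITCODE -ne 0) {
    # The BCD was not changed, so put protection back immediately.
    if ($protected) { Resume-BitLocker -MountPoint $mount | Out-Null }
    throw "bcdedit failed with exit code $LASTEXITCODE"
}

Write-Output "nx set to $NxPolicy; reboot once so BitLocker resumes with the new BCD."
```

The drive is unprotected at rest until that one reboot completes, so schedule the restart right after the change.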