Enabling DEP on machines with BitLocker triggers BitLocker recovery key prompt
Just a heads up to the community:
Yesterday we enabled the security configuration "Data Execution Prevention is not enabled". The problem is most of our machines had BitLocker enabled on the OS drive, protected by TPM.
Enabling or disabling DEP means the BCD (Boot Configuration Database) is modified, which leads to the user being asked for the BitLocker recovery key on the next reboot.
Of course this caused a little nightmare for our support team.
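
One way to roll out the same DEP change without the recovery prompt is to suspend BitLocker for a single reboot before touching the BCD. The script below is an added example, not part of the original post; the `$NxPolicy` default and the use of `$env:SystemDrive` as the OS drive are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: change the DEP (nx) BCD setting on a BitLocker-protected OS drive.
param(
    # Assumption: target DEP policy; the post does not say which value was applied.
    [ValidateSet('OptIn', 'OptOut', 'AlwaysOn', 'AlwaysOff')]
    [string]$NxPolicy = 'OptOut'
)

$ErrorActionPreference = 'Stop'
$osDrive = $env:SystemDrive   # assumption: the OS volume is the protected one

# Read the current nx value from the active boot entry; leave the BCD alone if compliant.
$current = (bcdedit /enum '{current}' | Select-String -Pattern '^\s*nx\s+(\S+)').Matches |
    ForEach-Object { $_.Groups[1].Value }
if ($current -eq $NxPolicy) {
    Write-Output "nx is already $NxPolicy; BCD left untouched."
    return
}

# Suspend only if protection is actually on, and only for one reboot.
$volume = Get-BitLockerVolume -MountPoint $osDrive
$suspended = $false
if ($volume.ProtectionStatus -eq 'On') {
    Suspend-BitLocker -MountPoint $osDrive -RebootCount 1 | Out-Null
    $suspended = $true
}

# Apply the BCD change; if it fails, restore protection immediately.
bcdedit /set '{current}' nx $NxPolicy | Out-Null
if ($LASTEXITCODE -ne 0) {
    if ($suspended) { Resume-BitLocker -MountPoint $osDrive | Out-Null }
    throw "bcdedit failed with exit code $LASTEXITCODE"
}

# Report state so the deployment tool can log it; protection resumes after the reboot.
[pscustomobject]@{
    Drive              = $osDrive
    PreviousNx         = $current
    NewNx              = $NxPolicy
    BitLockerSuspended = $suspended
    ProtectionStatus   = (Get-BitLockerVolume -MountPoint $osDrive).ProtectionStatus
}
```

While protection is suspended the volume key is readable in the clear on disk, so schedule the reboot promptly rather than leaving machines in that state.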