Description
BitLocker is the brand name that Microsoft uses for the encryption tools available in business editions of Windows (desktop and server).
On branded systems with a pre-installed OS and those supporting Trusted Platform Module (TPM) capability, device encryption can be enabled automatically. On such systems, Windows Setup automatically creates the necessary partitions and initializes encryption on the operating system drive with a clear key, until a real key is generated when an admin user signs in using a Microsoft account (MSA).
If you sign in using a local account on a device running a business edition of Windows 10, you need to use the BitLocker Management tools to enable encryption on available drives.
Most often, BitLocker is a set-it-and-forget-it feature. After you enable encryption for a drive, it does not require any maintenance. New files are automatically encrypted when you write them to a drive that uses BitLocker. However, if you copy these files from within the booted OS to another drive or a different PC, they are automatically decrypted.
BitLocker can encrypt the drive Windows is installed on (the operating system drive) as well as fixed data drives such as internal hard drives.
Below is an example of BitLocker encrypted drives:
Backup considerations:
In the above screenshot, both the C and D drives are BitLocker encrypted; however, drive D is explicitly set to a locked state (this is quite uncommon).
A backup done using NetBackup will be successful for the C drive but would fail for the D drive.
Restore using BMR:
BMR will restore unencrypted data to a BitLocker encrypted drive; however, the data will not be encrypted automatically. The user has to manually re-encrypt the data using the BitLocker administrative tools after BMR completes. The screenshot below shows the status of the drives after the restore.
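The two conditions described above (a locked volume before backup, an unencrypted volume after a BMR restore) can be checked from PowerShell. This is an added example, not part of the original article or of NetBackup: `Get-BitLockerVolumeBackupState` is a hypothetical helper name, the sample objects are constructed to mirror the C/D scenario, and it assumes a restored volume reports `FullyDecrypted` in the output of the Windows `Get-BitLockerVolume` cmdlet.

```powershell
# Hypothetical helper (not a Windows or NetBackup cmdlet): classifies volumes
# shaped like Get-BitLockerVolume output for the backup/restore cases above.
function Get-BitLockerVolumeBackupState {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume
    )
    process {
        # Cast to string so both real enum values and sample strings compare cleanly
        $lock    = "$($Volume.LockStatus)"
        $status  = "$($Volume.VolumeStatus)"
        $protect = "$($Volume.ProtectionStatus)"

        $state = if ($lock -eq 'Locked') {
            # Locked volume: contents are unreadable from the booted OS, so backup fails
            'Locked: unlock before running the backup'
        }
        elseif ($status -eq 'FullyDecrypted') {
            # Assumed state after a BMR restore: data present but not encrypted
            'Unencrypted: re-enable BitLocker on this volume'
        }
        elseif ($protect -ne 'On') {
            'Protection off or suspended: review before relying on encryption'
        }
        else {
            'OK: readable by backup and protected'
        }

        [pscustomobject]@{
            MountPoint   = $Volume.MountPoint
            LockStatus   = $lock
            VolumeStatus = $status
            State        = $state
        }
    }
}

# Constructed sample data: C: encrypted and unlocked, D: locked,
# E: a volume as it might look after a restore (assumption).
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; LockStatus = 'Unlocked'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On' }
    [pscustomobject]@{ MountPoint = 'D:'; LockStatus = 'Locked';   VolumeStatus = $null;            ProtectionStatus = 'Unknown' }
    [pscustomobject]@{ MountPoint = 'E:'; LockStatus = 'Unlocked'; VolumeStatus = 'FullyDecrypted'; ProtectionStatus = 'Off' }
)
$sample | Get-BitLockerVolumeBackupState | Format-Table -AutoSize

# On a live system, from an elevated session:
#   Get-BitLockerVolume | Get-BitLockerVolumeBackupState
```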