Do I need to suspend BitLocker for a Windows upgrade script?

You should definitely include a command to suspend BitLocker in your script. While the setup process typically takes care of suspending it automatically, it’s better to be explicit just in case. If you don't suspend it, you risk being prompted for the recovery key after an upgrade, which can be a headache. Just be sure to handle potential errors in case the suspension fails, and consider how many reboots your command will cover.

By default, any changes to the system will prompt for a BitLocker recovery key unless you explicitly suspend it at least once. So, if you haven’t told it to skip encryption, I recommend adding that to your script or using a RunOnce command for the first boot to avoid any future key prompts.

There’s a documented BitLocker switch that might be relevant for your script. Generally, the default setting should work fine, but you might want to include a way to suspend BitLocker to be safe. It’s all about making sure you don’t run into issues post-upgrade.

Just a tip regarding your script: I noticed one line might not pass the PSScriptAnalyzer tests. You could try modifying it to use a different method of getting the setup path. Here are a couple of alternatives you might want to consider!