Are you talking about upgrading Windows 10 to a new build? This doc covers the process (and special considerations) for deploying those build upgrades with Shavlik Protect/Ivanti Patch for Windows Servers:
Windows 10 Build Upgrade Deployment Support in Protect 9.2+ and Patch for Windows Server 9.3+
For BitLocker in particular, it does need to be disabled for this process to work properly since the machine has to be able to fully reboot on its own. We've definitely had a lot of customers use this method to upgrade, and really, as long as there's nothing external stopping it (like antivirus or something), it deploys pretty much like any other service pack or patch. I would recommend trying the process on one machine, just to make sure it works for you with all your software and environmental setup, then go ahead and open a support case if you run into any issues. We're happy to do whatever we can to make that work for you.
Thanks for that document, but there really needs to be more specific information about Bitlocker.
What if the pre-boot PIN authentication is not used? Can Bitlocker just be suspended? Or does it have to be disabled and the drives decrypted? Can that be done from a pre-deployment custom action?
We don't include specific information about BitLocker or other products mainly because that document just outlines known requirements for our part of the process, not vendor/product-specific details about what might get in the way. The document I linked is just intended as an overview of the process, since each environment is different and may encounter different obstacles. My hunch is that as long as the machine can boot by itself without any input/action from the user, it should probably work.
If you try it and it does not work as intended, we're more than happy to help you troubleshoot whatever may be stopping it if you'd like to open a support case. We just can't really maintain documentation on how our software might interact with each product from other vendors in various scenarios, since their products are generally outside the scope of our expertise.
I also forgot to mention, in regard to the pre-deployment custom action, you can run a batch file or PowerShell script from a custom action, so whatever you're able to do as the System account from either a command prompt or PowerShell session you should be able to do from a custom action. Like I mentioned before, we're happy to help in any way we can, so we'll do our best to help even in a custom scenario like this.