How to use BitLocker Drive Encryption on Windows 10
If you have a device with sensitive files, use this guide to use BitLocker encryption to add an extra layer of security to Windows 10.
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
OnWindows 10, if you keep sensitive files on your device, it is crucial to take the necessary steps to protect them, and this is when BitLocker comes in handy. BitLocker is a feature that has been around for a long time and provides a way to encrypt data on the hard drive to prevent unauthorized access.
In a nutshell, encryption is the process of making any data unreadable without proper authorization. When you use encryption to scramble your data, it will continue to be unreadable even when sharing it with others. Only you, with the correct encryption key, can decrypt the data to make it usable.
If you’ve never used BitLocker, the feature offers two methods of encryption: hardware-based encryption using a Trusted Platform Module (TPM) chip and software-based encryption using a password or USB flash drive to decrypt the drive and continue booting. Also, the feature protects the data on the installation drive, secondary storage, and removable media with “BitLocker To Go.”
Thisguidewill walk you through setting up BitLocker on a computer to protect your sensitive files on Windows 10.
Before getting started with BitLocker
Here are a few details you need to know before using these instructions:
Although BitLocker does a good job securing your data, any system change carries risks. Before proceeding with this guide, you should create acomplete computer backup.
How to check if device has TPM support to use BitLocker
To check if a computer has TPM on Windows 10, use these steps:
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Quick note:The TPM version must be version 1.2 or later to support BitLocker.
Alternatively, you can check your manufacturer’s support website for details on whether the device includes the security hardware and the instructions to enable the security feature.
If you have aSurfacedevice, it likely includes a Trusted Platform Module with support for BitLocker encryption.
How to enable (hardware) BitLocker on system drive
To enable BitLocker on a device with TPM, use these steps:
After you complete the steps, the device will restart, BitLocker will enable, and you will not be prompted to enter a decryption password to continue starting Windows 10.
Although the device will boot quite fast, onControl Panel > System and Security > BitLocker Drive Encryption, you will notice that BitLocker will still be encrypting the drive. Depending on the option you selected and the drive size, this process can take a long time, but you can continue to work on the computer.
After the encryption process, the drive will include a lock icon, and the label will read"BitLocker on."
BitLocker options
Once the drive encryption is enabled, several options will become available, including:
How to enable (software) BitLocker on the operating system drive
If the computer does not have a Trusted Platform Module chip, you won’t be able to configure BitLocker on Windows 10. However, you can still use encryption if you use the Local Group Policy Editor to enable additional authentication at startup. Once the feature is enabled, you will need to provide a password or USB flash drive with the recovery key to unlock the drive and continue with the computer startup process.
Enable policy without TPM support
To configure BitLocker on devices without a TPM chip, use these steps.
Once you complete the steps, BitLocker can be configured on the computer to protect your data.
Enable BitLocker
To enable BitLocker on your device, use these steps:
After you complete the steps, the computer will restart, and BitLocker will prompt you to enter your encryption password to unlock the drive.
How to enable BitLocker on fixed data drives
To configure BitLocker on a secondary drive, use these steps:
Once you complete the steps, the drive will start using encryption. If the drive already had data, the process could take a long time to complete.
How to enable BitLocker To Go on removable drives
Alternatively, you can use the “BitLocker To Go” feature to encrypt removable drives (such as USB flash and external drives) connected to your computer.
To set up BitLocker To Go on a removable drive, use these steps:
After you complete the steps, the encryption process will begin on the removable drive.
When using encryption, always try to start with an empty drive to speed up the process. Then, the data will encrypt quickly and automatically. In addition, similar to the feature of the operating system drive, you will get the same additional options and a few more, including:
How to disable BitLocker on Windows 10
To remove the drive encryption, use these steps:
Once you complete the steps, the decryption process will begin, and it will take some time to complete depending on the amount of data.
More resources
For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources:
Mauro Huculak has been a Windows How-To Expert contributor for WindowsCentral.com for nearly a decade and has over 15 years of experience writing comprehensive guides. He also has an IT background and has achieved different professional certifications from Microsoft, Cisco, VMware, and CompTIA. He has been recognized as a Microsoft MVP for many years.
