Written byAmanda Wong
What You Should Know About BitLocker Automatic Device Encryption
Summary: This post elaborates on BitLocker automatic device encryption, including what it is, how it works, how to activate and disable it, etc. It also explains why some Windows users found their drives encrypted automatically without the user's knowledge. Plus how to find the recovery key.
I have two Dell laptops, both the same models: Inspiron 15-3567. They both have Windows 10 on them. All I want to do is replace the original mechanical hdds from each of them with ssds. I put them in my Windows 7 PC to prepare them for the clone to the SSDs, and Windows 7 tells me the drives are both encrypted with BitLocker, and that I need to use my recovery key.
First off, I never installed BitlLocker on the laptops, and I contacted Dell and they claimed they do not pre-format them with BitLocker enabled or encrypted. So does Windows 10 automatically enable or encrypt your drives now without the user's knowledge? I assume it's safe to turn it off in settings and continue with my upgrade, but I'm still shocked this was enabled already.
Quite a few Windows users have encountered the same issue in the above case. They could see the BitLocker recovery screen which asks for entering the BitLocker recovery key. But they thought that they haven't enabled BitLocker at all. This may relate to BitLocker automatic device encryption, read on to know more.
Table of Contents:
- 1. What is BitLocker automatic device encryption
- 2. Requirements for BitLocker device encryption
- 3. How to enable and disable BitLocker device encryption
- 4. How to find recovery key of automatic device encryption
What is BitLocker automatic device encryption
Device encryption is a feature-limited version of BitLocker. It starts on the supported device when you set up it for the first time and automatically encrypts the internal drive when you sign in with a Microsoft Account or an Azure Active Directory account. And the whole process is without the user's intervention.
Unlike BitLocker drive encryption which can encrypt the full disk, BitLocker device encryption only encrypts the system drive and secondary drives. It saves the recovery key to either the Microsoft account or Active Directory, making it to be accessed from any computer.
Requirements for BitLocker device encryption
BitLocker device encryption is available on Windows 8.1, Windows 10, and Windows 11, even if the Home version of Windows 10/11, while BitLocker on Windows 10 Home is not supported. And your device should meet some requirements so that you can use device encryption, including:
- The device contains a TPM, either TPM 1.2 or TPM 2.0.
- UEFI Secure Boot is activated.
- Platform Secure Boot is enabled.
- Direct memory access (DMA) protection is on.
- Modern Standby requirements or HSTI validation is met.
And the Bitlocker drive encryption is automatically enabled on supported devices running Windows 10 and newer during the out-of-box experience and signing into a personal Microsoft account (such as @outlook.com or @hotmail.com) or your work or school account.
If you think the requirements listed above are too professional to understand and verify, there is an easy way to check if BitLocker device encryption is available on your computer, follow the steps below:
- Select the Start menu, and type System Information.
- Right-click System Information and choose Run as administrator.
- On the new window, find Device Encryption Support at the bottom.
- Check the value, if it says Meets prerequisites, then device encryption is available on your device.
How to enable and disable BitLocker device encryption
Even if BitLocker device encryption is available on your Windows computer, it will not automatically encrypt the drive if you log in with a local account during the setup process(also a way to prevent BitLocker from automatically turning on), then, you can manually enable BitLocker device encryption if you need.
- Sign in to Windows with an administrator account.
- Click the Start button, then choose Settings > Update & Security > Device encryption.
- If device encryption is turned off, select Turn on.
To disable BitLocker device encryption, just follow the same steps as above and click the Turn off button.
How to find recovery key of automatic device encryption
Both the BitLocker drive encryption and automatic device encryption generate a BitLocker recovery key to unlock the encrypted drive when other authentication methods fail. Only enter the correct BitLocker recovery key, and the drive data could be readable.
BitLocker drive encryption will ask you to choose a way to save the recovery key so that you know where to find it. However, device encryption is automatically enabled when it meets the requirements we mentioned above and the user is unaware of the entire process, so they even don't know the device encryption has been turned on. That's why some users are puzzled when a BitLocker recovery key is needed to access the drive data.
Given that it is associated with your Microsoft account or an Azure Active Directory account, that is where your recovery key is stored. You can log into your Microsoft account on another computer to get the recovery key or access your Azure Active Directory account to recover the key.
After reading this post, you could have a deep understanding of the BitLocker automatic device encryption. If you are unexpectedly asked to enter the BitLocker recovery key while you think you haven't enabled it, it is most likely that the device encryption is automatically turned on. Now, you know how to enable and disable BitLocker decide encryption and how to get the recovery key of automatic device encryption.
Share this informative post with more people!