
How to Use BitLocker Drive Encryption on Windows 11/10

Updated on Thursday, November 14, 2024


Written by

Amanda Wong
Professional tech editor

Approved by

Jessica Shee


Summary: This is a full guide on BitLocker. After reading, you will know how to use BitLocker to encrypt your internal drives and how to use BitLocker To Go to encrypt your external drives.


BitLocker is a full-disk encryption feature for Windows. It can protect your data by encrypting the whole volume and preventing unauthorized access. Only the encryption key or recovery key can make the data readable.

If you want to ensure the security of the data you stored on the disk, you can enable BitLocker on your computer to encrypt all contents. Whether it is the operating system drive or removable drives, you can follow the detailed operations to apply BitLocker drive encryption.

BitLocker is available only on computers running one of the following operating systems:

  • Ultimate and Enterprise editions of Windows Vista and Windows 7
  • Pro and Enterprise editions of Windows 8 and 8.1
  • Pro, Enterprise, and Education editions of Windows 10
  • Windows Server 2008 and later

Requirements to use BitLocker

To run BitLocker on your computer, you need to check the requirements listed below:

  • BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later. You can check whether your computer is TPM-supported by heading to Start > Device Manager > Security devices.
  • If your computer is not TPM-supported, you can still enable BitLocker by using the Local Group Policy Editor.
  • A Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware is required for a computer with TPM but not for a computer without TPM. Computer firmware must support TPM or USB devices during startup.
  • There must be at least 2 partitions on the hard drive, including the operating system drive with the supported files to start the system and the system drive with the Windows 10 installation. The hard drive must be formatted with the NTFS file system.
  • By default, BitLocker is not available on Mac. If you want to encrypt drives with BitLocker on Mac or read and write BitLocker-encrypted drives on Mac, a professional BitLocker for Mac can help you use all BitLocker features without any limitation.

How to enable BitLocker on the operating system drive

Regardless of whether there is a TPM chip on your computer, you can use BitLocker to encrypt the operating system drive. For a device without TPM, you must first enable the policy that allows BitLocker without a compatible TPM.

To enable BitLocker on a device with TPM:

  1. Select the Start button > Control Panel > System and Security > BitLocker Drive Encryption.
  2. Under the "Operating system drive" section, click the Turn on BitLocker option.
  3. Select a way to save the recovery key.
  4. Select how much of the drive space to encrypt.
  5. Choose an encryption mode to use.
  6. Check the Run BitLocker system check option.
  7. Click the Continue button, then click to restart.

To enable BitLocker on a device without TPM:

  1. Select the Start button and search for gpedit, then select the Local Group Policy Editor.
  2. Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
  3. Double-click the Require additional authentication at startup policy, then select the Enabled option.
  4. Check the “Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)” option. 
  5. Click Apply, then click OK.
  6. Select the Start button > Control Panel > System and Security > BitLocker Drive Encryption.
  7. Under the "Operating system drive" section, click the Turn on BitLocker option.
  8. Select the method used to unlock the drive: a USB flash drive or a password.
  9. Create and confirm the password.
  10. Select a way to save the recovery key.
  11. Select how much of the drive space to encrypt.
  12. Choose an encryption mode to use.
  13. Check the Run BitLocker system check option.
  14. Click the Continue button, then click to restart.
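
Once the computer has restarted, the result of either procedure above can be checked from an elevated PowerShell session. The following is an added example, not part of the original guide: `Get-BitLockerAudit` is a hypothetical helper name, and it relies on the `Get-BitLockerVolume` cmdlet that ships with Windows to report each volume's encryption status, its key protectors, and anything that still needs attention, such as a missing recovery password.

```powershell
#Requires -RunAsAdministrator
# Added example: reports what each volume looks like after the GUI steps.
# Get-BitLockerAudit is a hypothetical helper name; the cmdlet it wraps,
# Get-BitLockerVolume, ships with Windows in the BitLocker module.

function Get-BitLockerAudit {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # Names of the key protectors on the volume, e.g. Tpm, Password, RecoveryPassword
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $findings = @()

        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "status $($vol.VolumeStatus), $($vol.EncryptionPercentage)% encrypted"
        }
        if ($vol.ProtectionStatus -ne 'On') {
            $findings += 'protection is off or suspended'
        }
        if ($types -notcontains 'RecoveryPassword') {
            $findings += 'no recovery password protector'
        }
        if ($vol.VolumeType -eq 'OperatingSystem' -and -not ($types -like 'Tpm*')) {
            $findings += 'OS volume unlocks without a TPM (password or USB startup key)'
        }

        [pscustomobject]@{
            Drive      = $vol.MountPoint
            Type       = $vol.VolumeType
            Method     = $vol.EncryptionMethod
            Protectors = $types -join ', '
            Findings   = if ($findings) { $findings -join '; ' } else { 'none' }
        }
    }
}

Get-BitLockerAudit | Format-List
```

A volume that is still encrypting reports protection as off until the process completes, so run the check again after encryption finishes.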

How to enable BitLocker To Go on removable drives

In addition to internal drives on Windows 10, removable drives can also be encrypted. BitLocker To Go meets your needs to encrypt all kinds of external drives to keep your files secure. Just follow the steps to enable it.

  1. Select the Start button > Control Panel > System and Security > BitLocker Drive Encryption.
  2. Under the "BitLocker To Go" section, select the removable drive you want to encrypt.
  3. Click the Turn on BitLocker option.
  4. Check the Use a password to unlock the drive option and create a password.
  5. Select a way to save the recovery key.
  6. Select how much of the drive space to encrypt.
  7. Choose an encryption mode to use.
  8. Click the Start encrypting button.
  9. Click the Close button.


What if you delete files from BitLocker encrypted drives by mistake? Relax! iBoysoft BitLocker Data Recovery can help you recover deleted files as long as they haven't been overwritten. Files, photos, videos, and emails are all supported.

BitLocker recovery key

After you turn on BitLocker drive encryption on your computer, a BitLocker drive encryption recovery key will be generated automatically. It is a unique 48-digit numerical password.

The BitLocker recovery key is used to unlock your system in the event that you forget your PIN password, your computer enters BitLocker recovery mode due to unrecognized access, or you insert the BitLocker-enabled hard drive into another computer.

You must keep the BitLocker recovery key in a safe place. Once you forget your password and lose the recovery key, you are unable to access your data. You can save the recovery key to your Microsoft email, to a file, or print it. It's better to save the recovery key in more than one way for double insurance.
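
The 48 digits are written as 8 groups of 6 digits, and each group is a multiple of 11 whose quotient fits in 16 bits, so a copy that was typed or transcribed by hand can be checked for mistakes before it is stored. The following is an added example, not part of the original guide; `Test-RecoveryKeyFormat` is a hypothetical helper name and the sample values are constructed, not real keys.

```powershell
# Added example: format check only. It cannot tell whether a well-formed
# recovery key belongs to a particular drive.
# Test-RecoveryKeyFormat is a hypothetical helper name.

function Test-RecoveryKeyFormat {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$RecoveryKey)

    # Accept the printed layout (groups separated by hyphens or spaces)
    $groups = @($RecoveryKey.Trim() -split '[-\s]+')
    if ($groups.Count -ne 8) {
        return [pscustomobject]@{ Valid = $false; BadGroups = @()
                                  Reason = "expected 8 groups, found $($groups.Count)" }
    }

    $bad = @()
    for ($i = 0; $i -lt 8; $i++) {
        $g = $groups[$i]
        if ($g -notmatch '^[0-9]{6}$') { $bad += ($i + 1); continue }
        $n = [int]$g
        # Each group encodes a 16-bit value multiplied by 11
        if (($n % 11) -ne 0 -or ($n / 11) -ge 65536) { $bad += ($i + 1) }
    }

    [pscustomobject]@{
        Valid     = ($bad.Count -eq 0)
        BadGroups = $bad
        Reason    = if ($bad) { "check group(s) $($bad -join ', ')" } else { 'format is valid' }
    }
}

# Constructed sample values, not real recovery keys
$samples = @(
    '111111-222222-333333-444444-555555-666666-000011-000022',  # well formed
    '111111-222222-333334-444444-555555-666666-000011-000022',  # one digit mistyped
    '111111-222222-333333-444444-555555-777777-000011-000022'   # group out of range
)
foreach ($s in $samples) { Test-RecoveryKeyFormat -RecoveryKey $s | Format-List }
```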

What is BitLocker recovery

BitLocker recovery mode is a protection program. When BitLocker is unable to confirm whether the access is authorized, it will trigger the program to enter into BitLocker recovery mode.

Many events could cause BitLocker to enter into the recovery mode, including detecting an attack, updating TPM firmware, making changes to the NTFS partition, etc.

After your computer enters into BitLocker recovery mode, you can restore access to your drive again in three ways:

  • The user can supply the recovery password.
  • A data recovery agent can use their credentials to unlock the drive.
  • A domain administrator can obtain the recovery password from AD DS (Active Directory Domain Services) and use it to unlock the drive.

How can I unlock BitLocker without password and recovery key

There is no way to unlock BitLocker without a password and recovery key. If you forget both the password and recovery key, you will never be able to access the encrypted data. To continue to use the drive, you can reformat the BitLocker drive to erase the encryption. However, all the data will be lost.

How to disable BitLocker on Windows

When you don't need BitLocker drive encryption, you can turn it off. Then all the data will be decrypted.

  1. Open Start.
  2. Search for Control Panel and click the top result to open the app.
  3. Click on System and Security > BitLocker Drive Encryption.
  4. Click the Turn off BitLocker option for the drive from which you want to remove the encryption.
  5. Click the Turn off BitLocker button.
