How To configure BitLocker drive encryption on Windows 10

BitLocker Drive Encryption is a full-disk encryption feature that encrypts an entire drive. When the computer boots, the Windows boot loader loads from the System Reserved partition and prompts you for your unlock method. Microsoft added this feature to selected editions of Windows (the Pro and Std editions) starting with Windows Vista, and it is also included on Windows 10 computers. The feature is designed to protect data by providing encryption for entire volumes. Encryption is a method of making readable information unrecognizable to unauthorized users. Windows 10 includes different types of encryption technologies: the Encrypting File System (EFS) and BitLocker Drive Encryption. When you encrypt your information, it remains usable even when you share it with other users. For example, if you send an encrypted Word document to a friend, they will first need to decrypt it.

Note: BitLocker is not available on the Windows Home and Starter editions. This feature is included only in the Professional, Ultimate and Enterprise editions of Microsoft Windows.

Currently there are two types of BitLocker encryption you can use:

BitLocker Drive Encryption: This is a “full-disk encryption” feature that encrypts an entire drive. When the computer boots, the Windows boot loader loads from the System Reserved partition and prompts you for your unlock method.

BitLocker To Go: External drives, such as USB flash drives and external hard drives, can be encrypted with BitLocker To Go. You’ll be prompted for your unlock method when you connect the drive to your computer. If someone doesn’t have the unlock method, they can’t access the files on the drive.

Pre-checks for configuring the BitLocker feature

• BitLocker Drive Encryption is available only on Windows 10 Pro and Windows 10 Enterprise.

• Your computer’s BIOS must support TPM or USB devices during startup. If this isn’t the case, you’ll need to check your PC manufacturer’s support website to get the latest firmware update for your BIOS before trying to set up BitLocker.

• The process to encrypt an entire hard drive isn’t difficult, but it’s time-consuming. Depending on the amount of data and the size of the drive, it can take a very long time.

• Make sure to keep your computer connected to an uninterrupted power supply throughout the entire process.

Configure BitLocker drive encryption on Windows 10

To enable and configure BitLocker drive encryption on Windows 10, first click the Start menu search and type control panel. In Control Panel, click System and Security. Here you will see the option BitLocker Drive Encryption; click it. This opens the BitLocker Drive Encryption window.


Here, click Turn on BitLocker below Operating system drive. If the PC you’re enabling BitLocker on doesn’t have a Trusted Platform Module (TPM), you’ll see a message saying:

This device can’t use a Trusted Platform Module. Your administrator must set the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at startup” policy for OS volumes.


BitLocker Drive Encryption normally requires a computer with a TPM (Trusted Platform Module) to secure an operating system drive. This is a microchip built into the computer, installed on the motherboard. BitLocker can store the encryption keys here, which is more secure than simply storing them on the computer’s data drive. The TPM will only provide the encryption keys after verifying the state of the computer. An attacker can’t just rip out your computer’s hard disk or create an image of an encrypted disk and decrypt it on another computer.

Configure BitLocker without a TPM chip

You can change a setting in the Windows 10 Group Policy editor to use BitLocker disk encryption with a password and bypass the error “This device can’t use a Trusted Platform Module”.

To do this, type gpedit in the Windows 10 taskbar search and select Edit group policy.

When the Windows 10 Group Policy editor opens, navigate to the following:

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.

Here, double-click Require additional authentication at startup in the main window. Take care to choose the right option, as there is another similar entry for Windows Server.


Select Enabled in the upper left and activate Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) below.
After that, click Apply and OK to save the changes. Update Group Policy so the change takes effect immediately: press Win + R, type gpupdate /force in the Run box and press Enter.
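
The pre-checks and the policy change above can be confirmed from an elevated PowerShell prompt. The following is an added example, not part of the original article; the function name Test-BitLockerReadiness is hypothetical, and the registry values read here are where the Require additional authentication at startup policy is stored.

```powershell
# Added example: read-only pre-flight check before turning on BitLocker.
# Run from an elevated PowerShell prompt. It changes nothing.
function Test-BitLockerReadiness {
    $result = [ordered]@{}

    # Edition: BitLocker is not offered on Home (Education also includes it).
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $result.Edition          = $os.Caption
    $result.EditionSupported = $os.Caption -match 'Pro|Enterprise|Education'

    # TPM: Get-Tpm reports whether a chip is present and ready for use.
    $tpm = Get-Tpm
    $result.TpmPresent = $tpm.TpmPresent
    $result.TpmReady   = $tpm.TpmReady

    # Policy: "Require additional authentication at startup" is stored here.
    # A missing key or value means the policy is not configured.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $fve = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $result.PolicyEnabled   = ($fve.UseAdvancedStartup -eq 1)
    $result.AllowWithoutTpm = ($fve.EnableBDEWithNoTPM -eq 1)

    # The wizard can proceed if a TPM is usable, or if the no-TPM option is set.
    $noTpmAllowed = $result.PolicyEnabled -and $result.AllowWithoutTpm
    $result.CanStartWizard = $result.EditionSupported -and
        ($tpm.TpmReady -or $noTpmAllowed)

    [pscustomobject]$result
}

Test-BitLockerReadiness | Format-List
```

If AllowWithoutTpm is still False after gpupdate /force, the wrong policy entry (the Windows Server one) was probably edited.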


Continue after bypassing the TPM error

Now return to the BitLocker Drive Encryption window and click BitLocker Drive Encryption again. This time you won’t see any error and the setup wizard will start. When prompted to choose “How to unlock your drive at startup”, select the Enter a password option, or use a USB drive to unlock the drive at startup.


If you select Enter a password, you need to enter the password every time you start the system. If you select Insert a USB flash drive, you need to insert the USB drive every time to unlock the system.

Create a password for BitLocker

Click the Enter a password option and create a password. (Choose a secure password consisting of uppercase and lowercase letters, numbers and special characters. Make sure not to reuse a password you use for other accounts.) Type the same password in the Re-enter your password field and click Next.


On the next screen, choose how you want to back up your recovery key: you can use your Microsoft account if you have one, save it to a USB thumb drive, save it somewhere other than the local drive, or print a copy.


It is strongly recommended to save it to a USB flash drive and to print it.


When ready, click Next. In the next window you have two choices when encrypting your local disk: if it is a new computer just pulled out of the box, use Encrypt used disk space only. If it’s already in use, choose the second option, Encrypt entire drive.


Since I was already using this computer, I will go with the second option. Note that it will take some time, especially if it’s a large drive. Make sure your computer is on UPS power in case of a power failure. Click Next to continue. On the next screen, choose between the two encryption options:

New encryption mode (best for fixed drives on this device)

Compatible mode (best for drives that can be moved from this device)

Make sure to check the Run BitLocker system check option to avoid any data loss, and click Continue.

BitLocker Drive Encryption process

When you click Continue, BitLocker prompts you to reboot Windows 10 to finish the setup and begin encryption.


Remove any CD/DVD discs that are in the computer, save any work in open windows and click Restart.

On the next boot, BitLocker will ask at startup for the password you set during BitLocker configuration. Enter the password and press Enter.


After logging in to Windows 10, you will notice there is not much happening. To find out the status of encryption, double-click the BitLocker symbol in your taskbar.

You will see the current status, which is C: BitLocker Encrypting 3.1% completed. This will take some time, but you can continue using your computer while encryption takes place in the background; you’ll be notified when it is complete.

When BitLocker Encryption is finished, you can use your computer as you normally do. Any content created in addition to your communications will be secured.

Manage BitLocker

If at any time you would like to suspend encryption, you can do so from the BitLocker Drive Encryption Control Panel item, or you can simply right-click the encrypted drive and select Manage BitLocker.

Clicking it opens the BitLocker Drive Encryption window, where you will find the options below.

• Back up your recovery key: If you lose your recovery key and you’re still signed in to your account, you can use this option to create a new backup of the key.

• Change password: You can use this option to create a new encryption password, but you’ll still need to supply the current password to make the change.

• Remove password: You can’t use BitLocker without a form of authentication. You can remove a password only when you configure a new method of authentication.

• Turn off BitLocker: If you no longer need encryption on your computer, BitLocker provides a way to decrypt all your files. However, make sure you understand that after turning off BitLocker your sensitive data will no longer be protected. In addition, decryption may take a long time to complete depending on the size of the drive, but you can still use your computer.
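
The encryption status and the unlock methods described above can also be read from an elevated PowerShell prompt. This is an added example, not part of the original article; Get-BitLockerAudit is a hypothetical name. It lists each volume's encryption state and flags settings worth a second look, such as a missing recovery password or an operating system drive that unlocks with a password only.

```powershell
# Added example: read-only audit of BitLocker state on every volume.
# Run from an elevated PowerShell prompt.
function Get-BitLockerAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # Protector types on this volume, e.g. Tpm, Password, RecoveryPassword
        $types = @(foreach ($kp in $vol.KeyProtector) { "$($kp.KeyProtectorType)" })
        $findings = @()

        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "Not fully encrypted: $($vol.VolumeStatus), $($vol.EncryptionPercentage)%"
        }
        if ($vol.ProtectionStatus -ne 'On') {
            $findings += 'Protection is off or suspended'
        }
        if ($types -notcontains 'RecoveryPassword') {
            $findings += 'No recovery password protector exists to back up'
        }
        # Without a TPM the password alone unlocks the drive, so its strength matters.
        if ($vol.VolumeType -eq 'OperatingSystem' -and
            $types -contains 'Password' -and -not ($types -match '^Tpm')) {
            $findings += 'OS drive unlocks with a password only (no TPM protector)'
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            Status     = $vol.VolumeStatus
            Percent    = $vol.EncryptionPercentage
            Method     = $vol.EncryptionMethod
            Protectors = $types -join ', '
            Findings   = if ($findings) { $findings -join '; ' } else { 'None' }
        }
    }
}

Get-BitLockerAudit | Format-List
```

While encryption is still running, Protection is reported as off; run the audit again once the drive shows FullyEncrypted.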


That’s all about the Windows 10 BitLocker drive encryption feature; hope you find this helpful. If you have any query or suggestion, feel free to comment below.