How To configure BitLocker drive encryption on Windows 10
BitLocker Drive Encryption is a full-disk encryption feature that will encrypt an entire drive. When the computer boots, the Windows boot loader loads from the System Reserved partition, and the boot loader will prompt you for your unlock method. Microsoft Added this feature on selected editions of windows (On windows pro and std editions )Starting from Windows Vista Also it’s included on Windows 10 computers. This feature is designed to protect data by providing encryption for entire volumes. Encryption is a method of making readable information unrecognizable to unauthorized users. Windows 10 includes different types of encryption technologies, the Encrypting File System (EFS) and BitLocker Drive Encryption. When you encrypt your information, it remains usable even when you share it with other users. For Example: If you send an encrypted Word document to a friend, they will need first to decrypt it.
Note: BitLocker Is not available on window Home and stater editions. This Feature Only Included on Professional, Ultimate and Enterprise editions of Microsoft Windows.
Currently, there are two types of BitLocker encryption you can use
- BitLocker Drive Encryption This is a “full-disk encryption” feature that will encrypt an entire drive. When the computer boots, the Windows boot loader loads from the System Reserved partition, and the boot loader will prompt you for your unlock method.
- BitLocker To Go: External drives, such as USB flash drives and external hard drives, can be encrypted with BitLocker To Go. You’ll be prompted for your unlock method when you connect the drive to your computer. If someone doesn’t have the unlock method, they can’t access the files on the drive.
Pre Check for Configure BitLocker Feature
- BitLocker Drive Encryption is available only on Windows 10 Pro and Windows 10 Enterprise.
- Your computer’s BIOS must support TPM or USB devices during startup. If this isn’t the case, you’ll need to check your PC manufacturer’s support website to get the latest firmware update for your BIOS before trying to set up BitLocker.
- The process to encrypt an entire hard drive isn’t difficult, but it’s time-consuming. Depending on the amount of data and size of the drive, it can take a very long time.
- Make sure to keep your computer connected to an uninterrupted power supply throughout the entire process.
Configure BitLocker drive encryption on Windows 10
In order to enable And configure the BitLocker drive encryption feature on Windows 10. First click on Start menu search and type control panel. Here on the control panel click on System And Security. Here you will see the option BitLocker Drive Encryption Click on it. This will open the BitLocker Drive Encryption Window.
Here Click Turn on BitLocker Bellow to Operating System Drive. If the PC you’re enabling BitLocker on doesn’t have a Trusted Platform Module (TPM), you’ll see a message saying
This Device Can’t use a Trusted Platform Module. your administrator must set the “Allow BitLocker without a compatible TPM” option in the required Additional authentication at startup policy for OS Volumes.
BitLocker Drive Encryption normally requires a computer with a TPM ( Trusted Platform Module ) to secure an operating system drive. This is a microchip built into the computer, installed on the motherboard. BitLocker can store the encryption keys here, which is more secure than simply storing them on the computer’s data drive. The TPM will only provide the encryption keys after verifying the state of the computer. An attacker can’t just rip out your computer’s hard disk or create an image of an encrypted disk and decrypt it on another computer.
Configure BitLocker Without TPM chip
You change a setting in the Windows 10 group policy editor to use BitLocker disk encryption with passwords. And Bypass the Error This Device Can’t use a Trusted Platform Module.
- To Do This Type gpedit in the Windows 10 Taskbar search and select Edit group policy.
- In the Windows 10 group policy editor opens, Navigate to following
- Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
- Here double click on Require additional authentication at startup in the main window.
Pay attention to choose the right option as there is another similar entry for (Windows Server).
Select Enabled in the upper left and activate Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) below.
After that click apply and ok to make save changes. Update the Group policy to take effect changes immediately. to do this press Win + R on run Type gpupdate / force and hit enter key.
Continue After bypass TPM Error
Now Again Come to BitLocker Drive Encryption Window and click BitLocker Drive Encryption. This time you didn’t face any error and the setup wizard will start. Here when prompted to choose “How to unlock your drive at startup”, select the Enter a Password option or you can use a USB drive to Unlock the drive at startup.
Here If you select Enter a password Every time you start the system you need to enter a password. And if select insert the USB drive every time you need to insert the USB drive to unlock the system.
Create a password for Bitlocker
Click the Enter a password option and Create a Password. (Choose a secure password consisting of big and small characters, numbers and special characters. Make sure not to use the similar password you use for other accounts ) And type the same password on the Re-enter your password tab click next.
Now on the next screen Choose how you want to back up your recovery key, you can use your Microsoft account if you have one, save it to a USB thumb drive, save it somewhere other than the local drive or print a copy.
It is strongly recommended to Save to USB flash drive and to Print it.
When ready click Next. On Next Window You have two choices when encrypting your local disk if it is a new computer just pulled out of the box, use the Encrypt used disk space only. If it’s already in use, choose the second option Encrypt the entire drive.
Since I was already using this computer, I will go with the second option. Note, it will take some time especially if it’s a large drive. Make sure your computer is on UPS power in case of a power failure. Click next to continue. On next Screen Choose between the two encryption options:
- New encryption mode (best for fixed drives on this device)
- Compatible mode (best for drives that can be moved from this device)
Make sure to check the Run BitLocker system check option to avoid any data loss, and click Continue.
Bitlocker Drive Encryption process
when you click on the Continue Bitlocker prompt to Reboot Windows 10 to finish the setup and begin encryption.
Remove If any CD/ DVD disks that are in the computer, Save if any working windows opened and click Restart windows.
Now On Next Boot At Startup BitLocker Will Ask for Password Which you set during BitLocker Configuration. Put the password and hit the enter key.
After logging into Windows 10, you will notice there is not much happening. To find out the status of encryption.double-clicking on the BitLocker symbol in your taskbar.
You will see the current status which is C: BitLocker Encrypting 3.1 % completed. This will take some time, so you can continue using your computer while encryption takes place in the background, you’ll be notified when it is complete.
When BitLocker Encryption is finished, you can use your computer as you normally do. Any content created in addition to your communications will be secured.
If at any time you would like to suspend encryption, you can do so from the BitLocker Encryption Control Panel item. or you can simply Right click on the encrypted Drive and select Manage BitLocker.
When you click on it this will open the BitLocker Drive Encryption window where you find bellow options.
- Back up your recovery key: If you lose your recovery key, and you’re still signed into your account, you can use this option to create a new backup of the key
- Change password: You can use this option to create a new encryption password, but you’ll still need to supply the current password to make the change.
- Remove password: You can’t use BitLocker without a form of authentication. You can remove a password only when you configure a new method of authentication.
- Turn off BitLocker: In the case, you no longer need encryption on your computer, BitLocker provides a way to decrypt all your files.
However, make sure to understand that after turning off BitLocker your sensitive data will no longer be protected. In addition, decryption may take a long time to complete its process depending on the size of the drive, but you can still use your computer.
That’s all, hope you can easily configure the Bitlocker drive encryption feature on windows 10. Also, read: