BitLocker Drive Encryption

BitLocker is a built-in drive encryption feature that Microsoft includes with select editions of Windows. It is designed to protect data by providing encryption for entire volumes. (Encryption is a method of making readable information unrecognizable to unauthorized users.) When you encrypt your information, it remains usable even when you share it with other users. If you send an encrypted Word document to a friend, they will first need to decrypt it. Windows 10 includes different encryption technologies: the Encrypting File System (EFS) and BitLocker Drive Encryption. This post explains how to enable and configure BitLocker Drive Encryption to protect your system drive.

Note: BitLocker is not available on Windows Home and Starter editions. This feature is included only in the Professional, Ultimate and Enterprise editions of Microsoft Windows.

Currently, there are two types of BitLocker encryption you can use:

BitLocker Drive Encryption

This is a “full-disk encryption” feature that will encrypt an entire drive. When the computer boots, the Windows boot loader loads from the System Reserved partition, and the boot loader will prompt you for your unlock method.

BitLocker To Go

External drives, such as USB flash drives and external hard drives, can be encrypted with BitLocker To Go. You’ll be prompted for your unlock method when you connect the drive to your computer. If someone doesn’t have the unlock method, they can’t access the files on the drive.

Prerequisites to Configure BitLocker

  • BitLocker Drive Encryption is available only on Windows 10 Pro and Windows 10 Enterprise.
  • Your computer’s BIOS must support TPM or USB devices during startup. If this isn’t the case, you’ll need to check your PC manufacturer’s support website to get the latest firmware update for your BIOS before trying to set up BitLocker.
  • The process to encrypt an entire hard drive isn’t difficult, but it’s time-consuming.
  • Depending on the amount of data and size of the drive, it can take a very long time.
  • Make sure to keep your computer connected to an uninterrupted power supply throughout the entire process.

Turn on BitLocker Drive Encryption Feature

  • To enable and configure the BitLocker feature:
  • First open Control Panel, then System and Security.
  • Here you will see the option BitLocker Drive Encryption. Click on it.
  • This will open the BitLocker Drive Encryption window.
  • Here, click Turn on BitLocker below Operating System Drive.

If the PC you’re enabling BitLocker on doesn’t have a Trusted Platform Module (TPM), you’ll see a message saying: This device can’t use a Trusted Platform Module. Your administrator must set the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at startup” policy for OS volumes.


Allow BitLocker without a compatible TPM in Windows 10

BitLocker Drive Encryption normally requires a computer with a TPM (Trusted Platform Module) to secure an operating system drive. This is a microchip built into the computer, installed on the motherboard. BitLocker can store the encryption keys here, which is more secure than simply storing them on the computer’s data drive. The TPM will only provide the encryption keys after verifying the state of the computer. An attacker can’t just rip out your computer’s hard disk or create an image of an encrypted disk and decrypt it on another computer.

Here is how to enable BitLocker without a TPM chip:

You change a setting in the Windows 10 Group Policy Editor to use BitLocker disk encryption with passwords and bypass the error “This device can’t use a Trusted Platform Module.”

  • Type gpedit in the Windows 10 taskbar search and select Edit group policy.
  • When the Windows 10 Group Policy Editor opens, navigate to the following in the left panel:
  • Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
  • Here, double-click Require additional authentication at startup in the main window.

Note: Take care to choose the right option, as there is another similar entry for (Windows Server).

  • Select Enabled in the upper left and check Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) below.
  • After that, click Apply and OK to save the changes.
  • Update Group Policy so the changes take effect immediately.
  • To do this, press Win + R, type gpupdate /force in the Run box and hit the Enter key.
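
To confirm that the policy change actually landed before re-running the wizard, the check below reads the TPM state and the two registry values this policy writes. It is an added example, not part of the original article; `Test-BitLockerNoTpmPolicy` is a hypothetical helper name, and it assumes an elevated PowerShell session.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
# Test-BitLockerNoTpmPolicy is a hypothetical helper name.
function Test-BitLockerNoTpmPolicy {
    # Group Policy writes the BitLocker (FVE) settings under this key.
    $fvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $policy  = Get-ItemProperty -Path $fvePath -ErrorAction SilentlyContinue

    # If Get-Tpm fails (for example, session not elevated), report the TPM as not detected.
    try   { $tpm = Get-Tpm -ErrorAction Stop }
    catch { $tpm = $null }
    $tpmUsable = [bool]($tpm -and $tpm.TpmPresent -and $tpm.TpmReady)

    # "Require additional authentication at startup" = Enabled
    $policyEnabled = ($null -ne $policy) -and ($policy.UseAdvancedStartup -eq 1)
    # "Allow BitLocker without a compatible TPM" = checked
    $allowNoTpm    = $policyEnabled -and ($policy.EnableBDEWithNoTPM -eq 1)

    [pscustomobject]@{
        TpmUsable        = $tpmUsable
        PolicyEnabled    = $policyEnabled
        AllowWithoutTpm  = $allowNoTpm
        # The wizard gets past the TPM error if either condition holds.
        WizardCanProceed = $tpmUsable -or $allowNoTpm
    }
}

$result = Test-BitLockerNoTpmPolicy
$result | Format-List
if (-not $result.WizardCanProceed) {
    Write-Warning 'No usable TPM and the policy is not applied: re-check the setting and run gpupdate /force.'
}
```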

Reconfigure BitLocker feature

Now return to the BitLocker Drive Encryption window and click BitLocker Drive Encryption. This time you won’t face any error and the setup wizard will start. When prompted to choose “How to unlock your drive at startup”, select the Enter a password option, or you can use a USB drive to unlock the drive at startup.

Create A Password for BitLocker

If you select Enter a password, you need to enter the password every time you start the system. If you select Insert a USB drive, you need to insert the USB drive every time to unlock the system. Click the Enter a password option and create a password. (Choose a secure password consisting of uppercase and lowercase characters, numbers and special characters. Make sure not to reuse a password you use for other accounts.) Then type the same password in the Re-enter your password field and click Next.

On the next screen, choose how you want to back up your recovery key: you can use your Microsoft account if you have one, save it to a USB thumb drive, save it somewhere other than the local drive, or print a copy.

It is strongly recommended to Save to USB flash drive and to Print it.

When ready, click Next. On the next window you have two choices when encrypting your local disk:

  • If it is a new computer just pulled out of the box, use the Encrypt used disk space only.
  • If it’s already in use, choose the second option Encrypt entire drive.

Since I am already using this computer, I will go with the second option. Note, it will take some time especially if it’s a large drive. Make sure your computer is on UPS power in case of a power failure. Click next to continue.

On the next screen, choose between the two encryption options:

  1. New encryption mode (best for fixed drives on this device)
  2. Compatible mode (best for drives that can be moved from this device)

Make sure to check the Run BitLocker system check option to avoid any data loss, and click Continue.

When you click Continue, BitLocker prompts you to reboot Windows 10 to finish the setup and begin encryption.

Encryption will begin after the computer restarts

Remove any CD/DVD discs that are in the computer, save any open work and click Restart Windows.

On the next boot, BitLocker will ask at startup for the password you set during BitLocker configuration. Enter the password and hit the Enter key.

After logging into Windows 10, you will notice there is not much happening. To find out the status of encryption, double-click the BitLocker symbol in your taskbar.

You will see the current status, which is C: BitLocker Encrypting 3.1% completed. This will take some time, but you can continue using your computer while encryption takes place in the background; you’ll be notified when it is complete.

When BitLocker encryption is finished, you can use your computer as you normally do. Any content you create, in addition to your communications, will be secured.
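
The same status can be read from PowerShell, which also shows whether the password and recovery-key protectors created in the wizard are really on the volume. This is an added example, not part of the original article; `Get-OsDriveEncryptionReport` is a hypothetical helper name, and it assumes an elevated session on an edition that ships the BitLocker cmdlets.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
# Get-OsDriveEncryptionReport is a hypothetical helper name.
function Get-OsDriveEncryptionReport {
    param([string]$MountPoint = $env:SystemDrive)

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    # Protector types on the volume, e.g. Password, RecoveryPassword, ExternalKey, Tpm.
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        VolumeStatus        = $vol.VolumeStatus.ToString()
        PercentEncrypted    = $vol.EncryptionPercentage
        ProtectionStatus    = $vol.ProtectionStatus.ToString()
        EncryptionMethod    = $vol.EncryptionMethod.ToString()
        KeyProtectors       = $types -join ', '
        HasUnlockPassword   = $types -contains 'Password'
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
    }
}

$report = Get-OsDriveEncryptionReport
$report | Format-List

if (-not $report.HasRecoveryPassword) {
    Write-Warning 'No recovery password protector found: back up a recovery key before relying on this drive.'
}
if ($report.VolumeStatus -eq 'FullyEncrypted' -and $report.ProtectionStatus -eq 'Off') {
    Write-Warning 'Drive is encrypted but protection is suspended: resume BitLocker.'
}
elseif ($report.VolumeStatus -ne 'FullyEncrypted') {
    Write-Host ("Encryption not complete: {0} ({1}% done)" -f $report.VolumeStatus, $report.PercentEncrypted)
}
```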

Manage BitLocker

If at any time you would like to suspend encryption, you can do so from the BitLocker Encryption Control Panel item, or you can simply right-click the encrypted drive and select Manage BitLocker.

When you click it, the BitLocker Drive Encryption window opens, where you will find the options below.

  • Back up your recovery key: If you lose your recovery key, and you’re still signed into your account, you can use this option to create a new backup of the key.
  • Change password: You can use this option to create a new encryption password, but you’ll still need to supply the current password to make the change.
  • Remove password: You can’t use BitLocker without a form of authentication. You can remove a password only when you configure a new method of authentication.
  • Turn off BitLocker: In case you no longer need encryption on your computer, BitLocker provides a way to decrypt all your files.

However, make sure to understand that after turning off BitLocker your sensitive data will no longer be protected. In addition, decryption may take a long time to complete its process depending on the size of the drive, but you can still use your computer.

That’s all you need to know to turn on and configure the BitLocker Drive Encryption feature on Windows 10. If you have any query or suggestion, feel free to comment below.

Steve Ballmer
With over 7 years of experience in the IT industry, I have experience in IT support, helpdesk, sysadmin, network admin, and cloud computing. Certified in Microsoft Technologies (MCTS and MCSA) and also Cisco Certified Professional in Routing and Switching.