Windows BitLocker Drive Encryption


If you have sensitive files on your Windows 10 device, you must take the necessary steps to protect them, which is where BitLocker comes in. BitLocker is a long-standing feature that allows you to encrypt data on your hard drive to prevent unauthorized access to your personal information.

Encryption, in a nutshell, is the process of making data unreadable without the proper authorization. Even if you share your data with others, it will remain unreadable if you use encryption to scramble it. The data can only be decrypted and made usable if you have the correct encryption key.

If you’ve never used BitLocker before, it has two encryption options: hardware-based encryption using the Trusted Platform Module (TPM) chip, and software-based encryption with a password or USB flash drive to decrypt the disk and boot into Windows 10. You can safeguard data on the installation drive and secondary storage, and, with “BitLocker To Go,” on removable media.

Before using BitLocker

Before you use these instructions, there are a few things you should know:

  • BitLocker Drive Encryption is offered on Windows 10 Pro and Enterprise. In addition, BitLocker is available on specific devices in Windows 10 Home edition.
  • For best results, the device should have a Trusted Platform Module (TPM) chip. This is a special chip that lets the device support enhanced security measures.
  • BitLocker can be used without a TPM if software-based encryption is used. However, this requires some additional authentication steps.
  • During startup, computer firmware must support TPM or USB devices. If the feature isn’t accessible, look for a BIOS (Basic Input Output System) or UEFI (Unified Extensible Firmware Interface) upgrade from the machine maker.
  • A system partition with the necessary files to start the system and a partition with the Windows 10 installation must be present on the computer’s hard drive. BitLocker will create them automatically if the device does not meet the requirements. The NTFS file system must also be used to format the hard drive partitions.
  • The encryption process is simple, but it can take a long time depending on the amount of data and size of the hard drive.
  • Throughout the process, keep the computer connected to an uninterruptible power supply (UPS).

Even though BitLocker performs a fantastic job protecting your data, any system upgrade comes with its own set of risks. Therefore, before continuing with this guide, you should always make a comprehensive backup of your system.

How to check if device has TPM support to use BitLocker

Follow these procedures to see if a computer running Windows 10 has TPM:

  1. Open Start.
  2. Search for Device Manager and click the top result to open the app.
  3. Expand the Security devices branch.
  4. Confirm that an item labeled “Trusted Platform Module” is listed, along with its version number.

Alternatively, you can check the support website of your computer’s manufacturer to find out whether the machine has a security chip and how to activate it.

If you have a Surface device, it certainly has a Trusted Platform Module with BitLocker encryption capabilities.

How to enable (hardware-based) BitLocker on the operating system drive

Follow these steps to enable BitLocker on a device with TPM:

  1. Open Start.
  2. Search for Control Panel and click the top result to open the app.
  3. Select System and Security.
  4. Select BitLocker Drive Encryption.
  5. Under the “Operating system drive” section, click the Turn on BitLocker option.
  6. Choose one of the following options to save the recovery key:
    • Save to your Microsoft account.
    • Save to a file.
    • Make a copy of the recovery key.
  7. Click the Next button.
  8. Choose how much of the drive to encrypt:
    • Encrypt used disk space only (faster and best for new PCs and drives).
    • Encrypt entire drive (slower but best for PCs and drives already in use).
  9. Select one of the two encryption modes:
    • New encryption mode (best for fixed drives on this device).
    • Compatible mode (best for drives that can be moved from this device).
  10. Click the Next button.
  11. Check the option to perform a BitLocker system check.
  12. Continue by pressing the Enter key.
  13. Click the Restart now button to restart your computer.

After you complete the steps, the device will restart, BitLocker will be enabled, and you will not be asked for a decryption password to continue using Windows 10.

Although the device will boot quickly, you will notice under Control Panel > System and Security > BitLocker Drive Encryption that BitLocker is still encrypting the drive. This process may take a long time depending on the option you selected and the size of the drive, but you can keep working on the computer during this time.

The drive will have a lock icon, and the label will read BitLocker after the encryption operation is complete.

BitLocker options

Several choices will become accessible after the drive encryption is activated, including:

  • Suspend protection: If you select this option, your files will no longer be protected. This option is typically used when upgrading to a new version of Windows 10, firmware, or hardware. If you don’t resume BitLocker yourself, the encryption protection will automatically resume the next time you reboot.
  • Back up your recovery key: If you lose your recovery key while still logged in to your account, you can use this option to create a new backup of the key using the options in step 6.
  • Change password: Creates a new encryption password, but you’ll still need to provide the old one to make the change.
  • Remove password: BitLocker cannot be used without some form of authentication. You can remove a password only after you configure a new method of authentication.
  • Turn off BitLocker: All files on the drive are decrypted. Also, depending on the storage size, decryption may take a long time to complete, but you can still use your computer during this time.
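
The states described above (a drive that is still encrypting, or one whose protection has been suspended) can also be read from PowerShell. The following is an added example, not part of the original guide: it classifies volumes using the property names that the Get-BitLockerVolume cmdlet returns. The function name and the sample objects are constructed for illustration.

```powershell
# Added example, not from the original guide. The function name is hypothetical.
# Input objects use the property names that Get-BitLockerVolume returns.
function Get-BitLockerFinding {
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    process {
        # Collect protector types (Tpm, Password, RecoveryPassword, ExternalKey, ...)
        $types = @($Volume.KeyProtector | Where-Object { $null -ne $_ } |
            ForEach-Object { [string]$_.KeyProtectorType })
        $status = [string]$Volume.VolumeStatus
        $protection = [string]$Volume.ProtectionStatus
        $finding = if ($status -eq 'FullyDecrypted') {
            'Not encrypted'
        } elseif ($status -like '*InProgress') {
            "Conversion running ($($Volume.EncryptionPercentage)% encrypted)"
        } elseif ($protection -ne 'On') {
            'Encrypted, but protection is suspended'
        } elseif ($types -notcontains 'RecoveryPassword') {
            'Protected, but no recovery password is configured'
        } else {
            'Protected'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Finding    = $finding
            Protectors = $types -join ', '
        }
    }
}

# Constructed sample objects so the logic can be tried on any machine.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'
        ProtectionStatus = 'Off'; EncryptionPercentage = 100
        KeyProtector = @(@{ KeyProtectorType = 'Tpm' }, @{ KeyProtectorType = 'RecoveryPassword' }) }
    [pscustomobject]@{ MountPoint = 'D:'; VolumeStatus = 'EncryptionInProgress'
        ProtectionStatus = 'Off'; EncryptionPercentage = 42
        KeyProtector = @(@{ KeyProtectorType = 'Password' }, @{ KeyProtectorType = 'RecoveryPassword' }) }
    [pscustomobject]@{ MountPoint = 'E:'; VolumeStatus = 'FullyEncrypted'
        ProtectionStatus = 'On'; EncryptionPercentage = 100
        KeyProtector = @(@{ KeyProtectorType = 'Password' }) }
)
$sample | Get-BitLockerFinding | Format-Table -AutoSize

# On a real device, from an elevated PowerShell session:
#   Get-BitLockerVolume | Get-BitLockerFinding
```

A volume reported as encrypted but suspended is the case to follow up on, since its files are not protected until protection resumes.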

How to enable (software-based) BitLocker on the operating system drive

You won’t be able to configure BitLocker on Windows 10 if your computer doesn’t have a Trusted Platform Module chip. However, if you use the Local Group Policy Editor to enable additional authentication at startup, you can still use encryption.

Once the feature is enabled, you’ll need to unlock the drive with a password or a USB flash drive containing the recovery key to continue booting into Windows 10.

Enable policy without TPM support

Use these procedures to set up BitLocker for devices that don’t have a TPM chip.

  1. Open Start.
  2. Search for gpedit and click the top result to open the Local Group Policy Editor.
  3. Browse to the following path:

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives

  4. On the right side, double-click the Require additional authentication at startup policy.
  5. Select the Enabled option.
  6. Check the Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) option.
  7. Click the Apply button.
  8. Click the OK button.

BitLocker can be configured on the computer to protect your data once you’ve completed the steps.
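
The TPM check and the policy change described in this guide can be verified together from PowerShell. The following is an added example, not part of the original guide: it reports which of the guide's two paths (hardware-based or software-based) a device is ready for. The function names are hypothetical, and the registry value names are the ones under which this policy is stored; the guide itself does not list them.

```powershell
# Added example, not from the original guide. Function names are hypothetical.
function Get-BitLockerPath {
    # Decision logic only, so it can be tried with constructed values.
    param(
        [bool]$TpmPresent, [bool]$TpmEnabled, [string]$FileSystem,
        [int]$UseAdvancedStartup, [int]$EnableBDEWithNoTPM
    )
    if ($FileSystem -ne 'NTFS') { return 'Blocked: Windows partition is not NTFS' }
    if ($TpmPresent -and $TpmEnabled) { return 'Hardware-based: TPM is available' }
    if ($TpmPresent) { return 'TPM found but not enabled: activate it in the firmware' }
    if ($UseAdvancedStartup -eq 1 -and $EnableBDEWithNoTPM -eq 1) {
        return 'Software-based: policy allows BitLocker without a TPM'
    }
    'Blocked: no TPM, and the policy allowing BitLocker without one is not set'
}

function Get-BitLockerFacts {
    # Requires Windows and an elevated session.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $disk = Get-CimInstance -ClassName Win32_LogicalDisk `
        -Filter "DeviceID='$($env:SystemDrive)'"
    # Registry location where the startup authentication policy is stored
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
        -ErrorAction SilentlyContinue
    @{
        TpmPresent         = [bool]$tpm
        TpmEnabled         = [bool]($tpm -and $tpm.IsEnabled_InitialValue)
        FileSystem         = [string]$disk.FileSystem
        UseAdvancedStartup = [int]$fve.UseAdvancedStartup
        EnableBDEWithNoTPM = [int]$fve.EnableBDEWithNoTPM
    }
}

# Constructed case: no TPM, policy enabled as in the steps above.
Get-BitLockerPath -TpmPresent $false -TpmEnabled $false -FileSystem 'NTFS' `
    -UseAdvancedStartup 1 -EnableBDEWithNoTPM 1

# Live check on the current device.
if ($env:OS -eq 'Windows_NT') {
    $facts = Get-BitLockerFacts
    Get-BitLockerPath @facts
}
```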

Enable BitLocker

Follow these steps to enable BitLocker on your device:

  1. Open Start.
  2. Search for Control Panel and click the top result to open the app.
  3. Select System and Security.
  4. Select BitLocker Drive Encryption.
  5. Under the “Operating system drive” section, click the Turn on BitLocker option.
  6. Choose one of the following methods to unlock the drive:
    • Insert a USB flash drive: you’ll need a flash drive to unlock the device and boot into Windows 10.
    • Enter a password: a password is required before Windows 10 can be started (recommended).
  7. Create and confirm a password to unlock BitLocker and gain access to your device.
  8. Click the Next button.
  9. Choose one of the following options to save the recovery key:
    • Save to your Microsoft account.
    • Save to a USB flash drive.
    • Save to a file.
    • Make a copy of the recovery key.
  10. Click the Next button.
  11. Choose how much of the drive to encrypt:
    • Encrypt used disk space only (faster and best for new PCs and drives).
    • Encrypt entire drive (slower but best for PCs and drives already in use).
  12. Select one of the two encryption modes:
    • New encryption mode (best for fixed drives on this device).
    • Compatible mode (best for drives that can be moved from this device).
  13. Click the Next button.
  14. Check the option to perform a BitLocker system check.
  15. Continue by pressing the Enter key.
  16. Click the Restart now button to restart your computer.

The computer will restart after you’ve completed the instructions, and BitLocker will ask you to input your encryption password to open the drive.

How to enable BitLocker on fixed data drives

Follow these steps to set up BitLocker on a secondary drive:

  1. Open Start.
  2. Search for Control Panel and click the top result to open the app.
  3. Select System and Security.
  4. Select BitLocker Drive Encryption.
  5. Under the “Fixed data drives” section, click the Turn on BitLocker option for the secondary drive.
  6. Select the option to unlock the drive using a password.
  7. Create and confirm a password to unlock BitLocker and gain access to your device.
  8. Click the Next button.
  9. Choose one of the following options to save the recovery key:
    • Save to your Microsoft account.
    • Save to a USB flash drive.
    • Save to a file.
    • Make a copy of the recovery key.
  10. Click the Next button.
  11. Choose how much of the drive to encrypt:
    • Encrypt used disk space only (faster and best for new PCs and drives).
    • Encrypt entire drive (slower but best for PCs and drives already in use).
  12. Select one of the two encryption modes:
    • New encryption mode (best for fixed drives on this device).
    • Compatible mode (best for drives that can be moved from this device).
  13. Click the Next button.
  14. Click the Start encrypting button to begin encrypting.
  15. Click the Close button.

The drive will begin using encryption once you’ve completed the steps. The process could take a long time if the drive already had data on it.

How to enable BitLocker To Go on removable drives

With the “BitLocker To Go” feature, you can also encrypt removable drives (such as USB flash and external drives) connected to your computer.

Follow these steps to set up BitLocker To Go on a removable drive:

  1. Connect the USB drive to the device.
  2. Open Start.
  3. Search for Control Panel and click the top result to open the legacy app.
  4. Select System and Security.
  5. Select BitLocker Drive Encryption.
  6. Under the “BitLocker To Go” section, select the removable drive you want to encrypt.
  7. Click the Turn on BitLocker option.
  8. Select the option to unlock the drive using a password.
  9. Create a password to unlock the drive.
  10. Click the Next button.
  11. Choose one of the following options to save the recovery key:
    • Save to your Microsoft account.
    • Save to a file.
    • Make a copy of the recovery key.
  12. Click the Next button.
  13. Choose how much of the drive to encrypt:
    • Encrypt used disk space only (faster and best for new PCs and drives).
    • Encrypt entire drive (slower but best for PCs and drives already in use).
  14. Select one of the two encryption modes:
    • New encryption mode (best for fixed drives on this device).
    • Compatible mode (best for drives that can be moved from this device).
  15. Click the Next button.
  16. Click the Start encrypting button to begin encrypting.
  17. Click the Close button.

The encryption process on the removable drive will begin after you complete the steps.

When using encryption, always start with an empty drive to speed up the process; data you add afterward will then be encrypted quickly and automatically. Additionally, you will have the same options as for the operating system drive, plus a few more, including:

  • Add smart card: You can use this option to set up a smart card to unlock the removable drive.
  • Turn on auto-unlock: You can use auto-unlock to access your encrypted data without having to type a password every time you re-connect the removable drive.

How to disable BitLocker on Windows 10

Follow these steps to decrypt your drive:

  1. Open Start.
  2. Search for Control Panel and click the top result to open the app.
  3. Select System and Security.
  4. Select BitLocker Drive Encryption.
  5. For the drive you want to decrypt, click the Turn off BitLocker option.
  6. Click the Turn off BitLocker button.

The decryption process will begin after you complete the steps, and it will take some time to complete depending on the amount of data.

User Questions:

  1. What is the purpose of BitLocker Drive Encryption?

BitLocker Drive Encryption is a data protection feature that works with the operating system to protect data from stolen, lost, or improperly decommissioned computers.

  2. What is Windows 10’s BitLocker Drive Encryption?

BitLocker Drive Encryption is a built-in security feature in Windows that encrypts all data on the drive where Windows is installed. By encrypting your data, device encryption helps to protect it. The data can only be decrypted by someone who has the correct encryption key (such as a personal identification number).

  3. Can I put my faith in BitLocker?

BitLocker is safe encryption software that is used by businesses all over the world. Keys cannot be extracted from the TPM hardware. The TPM also validates the pre-boot components to ensure that nothing has been changed, reducing the risk of evil maid attacks.
