BitLocker is a feature of the Pro versions of Windows 10 & Windows 11 that will encrypt all the data (files and folders) on your computer.
Unfortunately it’s not available for Home versions of Windows, but if you wanted some sort of file or drive encryption check this guide for your options 6 Ways To Keep Files Private On A PC.
How To Enable BitLocker Drive Encryption.
BitLocker will normally be disabled by default. To enable it in Both Windows 10 and Windows 11, click the Start button and then type “bitlocker“.
Click on Manage BitLocker (Control Panel) at the top of the search results panel.
On The BitLocker Drive Encryption screen, click Turn BitLocker On.
If BitLocker Is Already Turned On.
It’s more than possible that when you open the BitLocker page, you’ll find that it’s already enabled.
If that’s the case, then your hard drive is already encrypted.
What you really need to do is to backup the recovery key.
Backup The BitLocker Recovery Key.
Before BitLocker does anything at all, it insists that you create a backup of the recovery key.
When BitLocker is enabled, it’ll encrypt ALL the files on your hard drive. Everything. Your computer won’t even start up without the drive being unlocked.
You have 3 choices.
- Save to your Microsoft account – This is the easiest to do since you’re probably logged in with your MS account anyway.
- Save to file – You can save a simply text file with the recovery key included in it. You can save it to a USB drive, but make sure it works properly.
- Print the recovery key – If you have a printer then why not?
Recovery Key.
Under normal circumstances, BitLocker will store the necessary encryption keys in the computer TPM (Trusted Platform Module).
But if something goes wrong, or if you have to remove the hard drive for some reason, then you’ll need the recovery key to unlock the drive.
How Much To Encrypt?
Encrypting the files on your hard drive is going to take some time. It’ll obviously depend on how much data there is to encrypt and the speed of your computer. With that in mind, you get a choice of options.
- Encrypt used space only – This option will only encrypt your files and and folders. As you save new files, they’ll be encrypted on the fly.
- Encrypt entire drive – Does what it says. Even empty space on the drive will be encrypted.
Which Option Should You Choose?
When you delete files and folders from your computer, they aren’t actually erased from the hard drive. Instead the space that they occupied is marked as empty. Even though the files are most likely still there.
So which option should you choose?
If you’re turning BitLocker on for a relatively new PC, then it’s pretty safe to go with the quicker “Encrypt used disk space only” option. Since you won’t have deleted much in the way of personal or private files yet.
However, if you’ve had the computer for sometime, then there’ll most likely be a lot of private files that, although deleted, could still be recovered.
In that case, it’d be safer to choose “Encrypt entire drive”.
Which Encryption Mode To Use With BitLocker?
The next screen will ask you which encryption mode BitLocker should use. Generally you should opt for the “New encryption mode”, which is the default option.
The Compatible Mode is only there if you need to use the drive in a computer that runs older versions of Windows.
BitLocker System Check.
Ok, for me this is a no brainer. Before BitLocker carries out any encryption, it can restart your computer and check to see if everything is going to work as expected.
Select Run BitLocker System Check. Then click the Continue button.
BitLocker should restart your PC.
If it doesn’t, then you’ll need to restart it manually.
Either way, BitLocker will make sure that it can read the encryption keys that are stored within the TPM.
After the restart, you’ll see a notification that Encryption In Progress.
Nothing else for you to do right now.
This Device Cannot Use A Trusted Platform Module.
When enabling BitLocker, you might get this error message “This device cannot use a Trusted Platform Module”.
BitLocker stores its encryption keys in the TPM, so if your PC doesn’t have one, then there’s obviously a problem.
However all is not lost. It’s very likely that your computer does have a TPM, but it isn’t enabled, it isn’t turned on. This issue only really affects Windows 10 computers, since all Windows 11 PCs are required to have a TPM.
Even f your PC doesn’t have a Trusted Platform Module, you can still use BitLocker. It’ll actually work without a TPM, but will require the use of a password to unlock the drive.
So assuming that you still want to use BitLocker, you have 2 options –
- Access your computer UEFI/BIOS and enable the TPM from there. To do that you’ll need to refer to your manufacturer’s instructions.
- Use BitLocker without a TPM. This option will mean that you’ll need to enter a password to start your PC every time.
Save Your BitLocker Recovery Key.
BitLocker will encrypt all the files on your PC including Windows itself. That means that if something is wrong, your computer won’t even start up.
Whether you’re going to attempt to fix the problem yourself, or pop the machine into a repair shop, it’s highly likely that you’ll need the recovery key.
So backup the recovery key in several places. Just saving it to your Microsoft account might not be enough. After all, how will you access your MS account if your computer won’t start?
To create more backups, or to retrieve a recovery key, open the BitLocker Drive Encryption screen. Then click Back Up Your Recovery Key.
If at all possible I’d recommend that you use all 3 options.
If you worst comes to the worst, then hopefully, you should be able to use at least one to get your recovery key.
Summary.
Be very careful with BitLocker and the recovery key for it. If you run into issues with your computer, you might end up losing all your data (documents, pictures etc).
There are possibly better options for keeping your files private.
