Microsoft BitLocker is a Windows native security feature that will encrypt everything on the drive that Windows is installed upon. You can encrypt PCs or drives, and full-volume encryption will ensure that only those with the correct encryption key will be able to decrypt and access your files and information.
Let’s walk you through how you can use BitLocker, how the technology works behind the scenes, the OS requirements for BitLocker, and everything that you could want to know about this tool!
How does BitLocker work?
The way that BitLocker works is by utilizing a hardware element known as a TPM, which stands for Trusted Platform Module. BitLocker will create a recovery key for your hard drive, so that every time you start up your computer, a specific pin number will be needed in order to gain access. There will also be a recovery key that can be used if for any reason you forget the password. You should make sure to save this recovery key somewhere safe that is not the PC in use or an easily hackable USB flash drive.
What benefits are there to using BitLocker?
The aim of BitLocker is to protect computers and drives against data breaches and intrusions. The main benefits are:
- It encrypts your entire drive, providing a high level of security using the TPM module.
- You can set up BitLocker to automatically save keys to Active Directory
- There are no additional licensing costs, as a native Windows function
- Negligible impact on read performance, and no impact on write performance
- Easy set-up (keep reading for a step-by-step walkthrough on Windows 10!)
What requirements will I need to use BitLocker?
Not all computers or encrypted drives can use BitLocker. Windows currently support the following operating systems:
- Ultimate and Enterprise editions of Windows Vista and Windows 7 (Note that the Trusted Platform Module (TPM) version 1.2 or higher must be installed, enabled and activated.)
- Pro and Enterprise editions of Windows 8 and 8.1
- Pro, Enterprise, and Education editions of Windows 10
- Windows Server 2008 and later
As well as this, you need to be logged into the PC as an administrator, and you should have access to a printer so that you can print the recovery key.
A step-by-step guide to using BitLocker for Windows 10
To enable BitLocker, you start by heading to the start menu search box, and search for Manage BitLocker. You may find this under Device Encryption, or as its own setting in the control panel. Note that BitLocker is NOT available on Windows 10 Home edition. If available, there should be a clear option to “Turn on BitLocker” so simply click turn on Bitlocker. You’ll be prompted with a few settings, let’s go through them one by one.
First, Windows will check your system settings and configuration to make sure that you can use BitLocker. For example, if your TPM module is off, Windows will automatically turn this on for you. You may need to restart your computer one or more times, so make sure that any open work is completed and/or saved.
Before encryption begins, you will be asked to choose a password and possibly a recovery password as well. This will need to be used every time you access your PC or drive, even before the operating system starts up. You can choose to enter this manually, or via a USB flash drive. At this point, you will also choose your recovery key settings, which will be needed if for any reason you can’t get into your computer using the pin number.
The options for Windows 10 are to save the file to your Microsoft account, save it to a flash drive, save it to a local or cloud file, or print the recovery key manually.
After clicking next, you’ll be prompted to choose how much of your drive you want to encrypt. You’ll get two volume encryption options, “used disk space only” or “whole drive”. Used disk space is faster, so it’s a good choice for new PCS and drives, while the whole drive is better for those that are in use already. However, note that if you choose the whole drive the encryption process will take much longer.
On Windows 10 build 1511 or newer, you’ll also be asked to choose the mode of encryption, which can be compatible, or new. Compatible is best for removable drives that will then be used with older versions of the Windows OS. For your storage drive, it’s likely that you will need to check ‘new’. Don’t forget to click the “Run BitLocker system check” button, which will ensure that Windows checks your system before the encryption begins.
You’ll now need to manually restart your computer, and enter the password for the first time. At this point, you’ll be asked if you’re ready to encrypt, and you simply confirm.
How long will encrypting with BitLocker take?
Great question! It can certainly vary depending on how much data there is to encrypt, and also on how intensive the work that you complete is, while the encryption process is taking place. On new computers, it may take as little as 20 minutes, while it can take 2 or 3 hours to complete at the other end of the scale. If you’re in a hurry, try to not use the device while encryption is taking place, or consider whether choosing “used disk space only” is correct for your security needs.
What if I want to decrypt using BitLocker?
If you decide that you would no longer like to use BitLocker to encrypt your data, you can head back to the manage BitLocker or device encryption settings in the control panel, and you’ll see the same button available to turn off BitLocker. You can confirm your decision when the OS prompts, and the system will automatically begin decrypting.
That’s All Folks!
So that’s it! We hope you found that helpful for choosing whether to use BitLocker, as well as practically learning how to use the functionality of this device encryption feature, natively available on Windows. If you have any more questions, please do reach out, we’re here to help – anytime.
