How to Set Up BitLocker Encryption on Windows
How to Encrypt a Drive with BitLocker
To use BitLocker for a drive, all you really have to do is enable it, choose an unlock method password, PIN, and so on, and then set a few other options. Before we get into that, however, you should know that using BitLocker’s full-disk encryption on a system drive generally requires a computer with a Trusted Platform Module (TPM) on your PC’s motherboard.
You can encrypt a non-system drive or removable drive without TPM and without having to enable the Group Policy setting.
In Windows 7 through 10, you really don’t have to worry about making the selection yourself. Windows handles things behind the scenes, and the interface you’ll use to enable BitLocker doesn’t look any different. If you end up unlocking an encrypted drive on Windows XP or Vista, you’ll see the BitLocker to Go branding, so we figured you should at least know about it.
So, with that out of the way, let’s go over how this actually works.
Step One: Enable BitLocker for a Drive
The easiest way to enable BitLocker for a drive is to right-click the drive in a File Explorer window, and then choose the “Turn on BitLocker” command. If you don’t see this option on your context menu, then you likely don’t have a Pro or Enterprise edition of Windows and you’ll need to seek another encryption solution.
It’s just that simple. The wizard that pops up walks you through selecting several options, which we’ve broken down into the sections that follow.
Step Two: Choose an Unlock Method
The first screen you’ll see in the “BitLocker Drive Encryption” wizard lets you choose how to unlock your drive. You can select several different ways of unlocking the drive.
If you’re encrypting your system drive on a computer that doesn’t have a TPM, you can unlock the drive with a password or a USB drive that functions as a key. Select your unlock method and follow the instructions for that method (enter a password or plug in your USB drive).
If you’re encrypting a non-system drive or removable drive, you’ll see only two options (whether you have a TPM or not). You can unlock the drive with a password or a smart card (or both).
Step Three: Back Up Your Recovery Key
BitLocker provides you with a recovery key that you can use to access your encrypted files should you ever lose your main key for example, if you forget your password or if the PC with TPM dies and you have to access the drive from another system.
You can save the key to your Microsoft account, a USB drive, a file, or even print it. These options are the same whether you’re encrypting a system or non-system drive.
If you back up the recovery key to your Microsoft account, you can access the key later at https://onedrive.live.com/recoverykey. If you use another recovery method, be sure to keep this key safe if someone gains access to it, they could decrypt your drive and bypass encryption.
You can also back up your recovery key multiple ways if you want. Just click each option you want to use in turn, and then follow the directions. When you’re done saving your recovery keys, click “Next” to move on.
Note: If you’re encrypting a USB or other removable drive, you won’t have the option of saving your recovery key to a USB drive. You can use any of the other three options.
Step Four: Encrypt and Unlock the Drive
BitLocker automatically encrypts new files as you add them, but you must choose what happens with the files currently on your drive. You can encrypt the entire drive including the free space or just encrypt the used disk files to speed up the process. These options are also the same whether you’re encrypting a system or non-system drive.
When you’ve made your selection, click the “Next” button.
Step Five: Choose an Encryption Mode (Windows 10 Only)
If you’re using Windows 10, you’ll see an additional screen letting you choose an encryption method. If you’re using Windows 7 or 8, skip ahead to the next step.
Whichever option you choose, go ahead and click the “Next” button when you’re done, and on the next screen, click the “Start Encrypting” button.
Step Six: Finishing Up
The encryption process can take anywhere from seconds to minutes or even longer, depending on the size of the drive, the amount of data you’re encrypting, and whether you chose to encrypt free space.
If you’re encrypting your system drive, you’ll be prompted to run a BitLocker system check and restart your system. Make sure the option is selected, click the “Continue” button, and then restart your PC when asked. After the PC boots back up for the first time, Windows encrypts the drive.