top of page

How to Enable BitLocker on Windows 11

Updated: Dec 27, 2023

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline.

System Requirements

  1. For BitLocker to use the system integrity check provided by a Trusted Platform Module (TPM), the computer must have TPM 1.2 or later

  2. A computer with a TPM must also have a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware.

  3. The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support the USB mass storage device class, including reading small files on a USB flash drive in the pre-operating system environment.

  4. The operating system drive (or boot drive) contains the operating system and its support files. It must be formatted with the NTFS file system.

  5. BitLocker is available on Windows 11 Enterprise, Pro, and Education. It is not available for the Home Edition,

BitLocker Type Available for Widows 11

  1. BitLocker – to encrypt and protect the Operating system and fixed data drives

  2. BitLocker To Go – to encrypt removable drives such as USB, Memory Cards those are accessed from different devices.

Step1 : Check whether BitLocker already enabled?

Open Powershell on Windows 11 in the Elevated Window and run the following command

Manage-bde -status

Windows 11

You can see the Proection Status : Protection off

Which means Bitlocker is not enabled and not Protected.

Windows 11

Step 2: You also can check whether the Volume Level Protection is enabled or not as well.

Get-BitLockerVolume

Windows 11

You can check for specific Volumes as well.

Windows 11

So far, we have identified the device is not enabled with BitLocker. Let’s Get in to Enable BitLocker.

Step 3: Open Windows 11 — Settings — Systems – Storage

Windows 11

Advanced Storage Settings

Windows 11

Disks & volumes

Windows 11

Select the Disk you want to enable BitLocker — Go to Properties

Windows 11

Click on Turn on BitLocker

Windows 11

Windows 11

Since I have joined the device with the Azure Active Directory, I have selected Save to your Azure AD Account

Windows 11

Windows 11

Click on Next

Windows 11

Select the Option and click on Next

Windows 11

Windows 11

Select Run BitLocker system check and Click on Continue

Windows 11

Windows 11

Restart the Device post enablement

Windows 11

Now, You can see the BitLocker is Turned ON

Windows 11

you check using cmdlet and see now Protection Status: Protection On

Windows 11

Volume also FullyEncrypted

Windows 11

in Azure AD, You can still see the BitLocker Recovery Key has been updated.

Windows 11
21 views0 comments

Comments


bottom of page