
BitLocker for Windows computers

In this chapter we will go over how to use BitLocker, Windows’s default encryption tool, to encrypt disks, files, and folders on a Windows computer.

BitLocker should be available for Windows computers automatically (Windows 10 or 11), with Drive Encryption available on devices running Windows Pro, Enterprise, or Education editions. If you have a different edition of Windows, you can still try to enable BitLocker (see the “Key considerations” section below).


Encrypting a specific drive (including external data drives)

Step 1: Search for BitLocker by going to Start and entering “Bitlocker” in the search window. Select “Manage BitLocker.”

The BitLocker Drive Encryption applet lists all the drives connected to the Windows device:

  • The Operating system drive is the drive on which Windows is installed
  • Additional drives are listed under Fixed data drives
  • Removable drives, like USB thumb drives, are listed under Removable data drives

Step 2: Next to each drive there’s a list of allowed operations. Select the option “Turn on BitLocker” and follow the instructions to secure the drive.

Step 3: Choose how you’d like to back up the security key. We recommend keeping it in the cloud.

Step 4: Select whether you want to encrypt the entire disk or just the used space. We recommend encrypting the entire disk.

The drive will begin the encryption process. This can take some time to complete, but you can continue to use your device while it progresses.

Encrypting the entire device

Step 1: Go to Settings -> Update & Security (or Privacy & Security) -> Device Encryption.

Step 2: Click on “Turn on Device Encryption” or toggle encryption to “On.”

If you do not see these settings, try using the Drive Encryption method above.

Key considerations and troubleshooting for BitLocker

If BitLocker doesn’t appear in a search or is not visible in settings, use System Information to diagnose the issue. (Follow the steps here.)

If your system crashes, Windows Recovery Environment (WinRE) will automatically launch to address startup issues, recover data and repair your system. However, encrypted drives may be inaccessible unless you configure WinRE for BitLocker. We recommend performing the following steps to save time in the case of emergency recovery and repairs:

Step 1: Check if WinRE is enabled

  1. Type cmd in the search box and click Run as administrator under Command Prompt
  2. Type reagentc /info into the Command Prompt and press Enter
  3. If you see “Windows RE status: Enabled”, WinRE is activated
  4. If not, type reagentc /enable and press Enter

Step 2: Back up the recovery key in Windows

  1. Open Control Panel by pressing Windows + R and typing control
  2. Navigate to System and Security and select BitLocker Drive Encryption
  3. For each drive with BitLocker on, select “Back up your recovery key.”

Simulate BitLocker recovery in WinRE

  1. Restart your system
  2. Navigate to Troubleshoot -> Advanced options -> Command Prompt
  3. Verify the information for the encrypted drive and attempt to unlock it with the following command, followed by your recovery key (replace X with the letter of your drive): manage-bde -unlock X: -RecoveryPassword
  4. If the drive is successfully unlocked, WinRE is configured to handle BitLocker recovery.
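
The checks in Steps 1 and 2 can also be run in one pass before you need them in an emergency. The script below is an added example, not part of the original guide: it reports each drive's BitLocker state, whether a recovery password protector exists, and whether WinRE is enabled. The function names are our own, and it assumes English-language reagentc output and an elevated PowerShell window.

```powershell
#Requires -RunAsAdministrator
# Added example: recovery-readiness check for the steps above.
# Uses the built-in BitLocker module (Get-BitLockerVolume) and reagentc.exe.
# It deliberately never prints the recovery password itself.

function Test-WinREEnabled {
    # reagentc /info prints a line such as "Windows RE status: Enabled".
    # Assumption: English output; localized systems print translated text.
    $info = & reagentc.exe /info 2>&1 | Out-String
    return ($info -match 'Windows RE status:\s+Enabled')
}

function Get-BitLockerReadiness {
    foreach ($vol in Get-BitLockerVolume) {
        # Collect protector types only (Tpm, RecoveryPassword, Password, ...).
        $types = @($vol.KeyProtector |
            ForEach-Object { $_.KeyProtectorType.ToString() })
        [pscustomobject]@{
            Drive               = $vol.MountPoint
            Type                = $vol.VolumeType
            Status              = $vol.VolumeStatus
            Protection          = $vol.ProtectionStatus
            PercentEncrypted    = $vol.EncryptionPercentage
            HasRecoveryPassword = $types -contains 'RecoveryPassword'
            Protectors          = $types -join ', '
        }
    }
}

$winre  = Test-WinREEnabled
$report = @(Get-BitLockerReadiness)
$report | Format-Table -AutoSize

"Windows RE enabled: $winre"
if (-not $winre) {
    Write-Warning 'WinRE is disabled; run "reagentc /enable" (Step 1).'
}

foreach ($r in $report) {
    if ($r.Protection -ne 'On') {
        Write-Warning "$($r.Drive) is not protected (status: $($r.Status))."
    }
    elseif (-not $r.HasRecoveryPassword) {
        Write-Warning "$($r.Drive) has no recovery password protector to unlock it with in WinRE."
    }
}
```

A drive that shows a recovery password protector still needs that key backed up somewhere you can reach from another device (Step 2); the script only confirms the protector exists.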
