How to Encrypt Windows 10 Hard Drive with Bitlocker

For Pro, Enterprise, or Education users only

When large telecoms, utilities, and even the government are getting hit with data breaches, what chance do you stand? A surprisingly good chance if you take a few key measures. One of those measures is encrypting your hard drive or SSD.

Windows 10 has a way to encrypt your built-in drive with Microsoft’s BitLocker technology. It’s easy to implement, easy to use, and doesn’t require any special skills or hardware. However, you do need to haveWindows Pro, Enterprise, or Education versions of Windows 10. If you have Windows 10 Home,VeraCrypt encryptionis an excellent option. You may even prefer it to BitLocker.

What Is BitLocker?

Encryption is the process of changing information into something meaningless unless you have the key. BitLocker encrypts information on hard drives so that it can only be read once the key is entered. The key may be managed by aTrusted Platform Module (TPM)chip in the computer, a USB drive that stores the key, or even just a password. If you try BitLocker and don’t like it, it’s easy toturn BitLocker off.

Why Should I Encrypt My Windows Hard Drive?

Let’s assume you usepassword best practices. Your password is complex, hard to guess, and you don’t write it down or share it with anyone. If someone wants to get data from your drive and they don’t have your Windows password, they could remove the hard drive, plug it into another computer, and use a Linux live CD to recover files.

If you’re using BitLocker, they can’t do that. BitLocker has to be able to get the key from somewhere. Ideally, that would be the Trusted Platform Module (TPM). It could also be a passphrase or a USB drive dedicated as a BitLocker key.

“But no one is going to steal my drive,” you respond. Have you ever thrown a computer out? Your hard drives went with it too, didn’t they? Unless yousafely dispose of a hard drive, someone can get the data. This happens every day, and it’s easy. We even have an article onhow to access files on old drives.

If you used BitLocker and took the drive out of the computer then disposed of the computer and drive separately, you just made the casual data thief’s job exponentially harder. It would require a data recovery specialist to even have a remote chance of getting your data. Convinced yet?

How to Check if a Computer Has a TPM

The ideal BitLocker situation is on a device with a TPM. Does your device have a TPM? It’s easy to check.

How to Enable BitLocker On a Device With a TPM

Your device has a TPM, so this next part is simple and easy.

Right-click on the drive and selectTurn on BitLocker.

There may be aStarting BitLockermessage with a progress bar. Let it finish.

The password will only be needed if the drive is removed from this device and installed on another device. Otherwise, the TPM will handle the entering of the password, making the encrypted drive work seamlessly with everything else.

Now it asksHow do you want to back up your recovery key?

There are 4 options:

Depending on the method selected, there may be some additional steps, but all methods will eventually lead to the next screen.

This step asks toChoose how much of your drive to encrypt. That may be confusing. If there’s nothing on the drive being encrypted, selectEncrypt used disk space only. It’s very fast.

Anything added to the drive after this will be automatically encrypted. If the drive already has files and folders on it, chooseEncrypt entire driveto ensure they’re all encrypted immediately. Then selectNext.

The next screen might not display depending on the version of Windows you’re using. It’s important to take the time to read and understand it.

To sum up, if anyone ever takes the drive out of this device and puts it into any version of Windows prior to Windows 10 Version 1511, the drive won’t work. Most people won’t ever do that, so most will chooseNew encryption mode, then selectNext.

Encryption is serious business and things can go wrong. That’s why the process will ask one last time,Are you ready to encrypt this drive?If so, selectStart encrypting.

Once BitLocker is done encrypting the drive, go back to File Explorer. Notice that the drive icon now has an unlocked padlock. That means the drive is encrypted but ready to receive files. If the padlock was locked, you would need to enter the password to access it.

How to Enable BitLocker On a Device Without TPM

For now, there is a way to use BitLocker to encrypt a drive even if the device doesn’t have TPM. Expect that to change in Windows 11 asWindows 11 requires TPM 2.0to upgrade from Windows 10 to Windows 11. This method requires having administrator rights.

Are You Secure Now?

BitLocker encryption is only one part of securing your data. What else are you doing to ensure your privacy and identity are protected? Let us know! Make sure to check out all of ourdata security and privacyarticles.

Guy has been published online and in print newspapers, nominated for writing awards, and cited in scholarly papers due to his ability to speak tech to anyone, but still prefers analog watches.Read Guy’s Full Bio

Welcome to Help Desk Geek- a blog full of tech tips from trusted tech experts. We have thousands of articles and guides to help you troubleshoot any issue. Our articles have been read over 150 million times since we launched in 2008.

HomeAbout UsEditorial StandardsContact UsTerms of Use

How to Encrypt Windows 10 Hard Drive with Bitlocker#

What Is BitLocker?#

Why Should I Encrypt My Windows Hard Drive?#

How to Check if a Computer Has a TPM#

How to Enable BitLocker On a Device With a TPM#

How to Enable BitLocker On a Device Without TPM#

Are You Secure Now?#