Windows 11 has a feature called BitLocker, which encrypts your data to keep it safe from others. Here’s how to set it up.


Quick Links

Keeping your data safe is extremely important, and Windows, including Windows 11, comes with a technology called BitLocker. It encrypts the data on your drive, preventing third-party actors from accessing it unless they have the decryption key, which is basically your account password. You wouldn’t notice it’s enabled most of the time since you’re always logged into your account and everything just works, but the extra layer of protection is definitely nice to have.

According to Microsoft, BitLocker encryption is only available on Windows 11 Pro, Enterprise, and Education editions, but there is a limited form of device encryption in Windows 11 Home, too. The difference is you don’t get the same management and setup options on Windows 11 Home, but the core feature is still there. For example, if you enable device encryption on Windows 11 Home, it will be enabled for all your drives, while Pro lets you set it up for each drive on your PC.

If you’re wondering how to enable (or disable) BitLocker encryption on your PC, that’s what this article is for. We’ll show you how to use BitLocker on both Windows 11 Pro (and higher) and Windows 11 Home.


How to use BitLocker encryption on Windows 11 Pro, Enterprise, and Education

In many cases, BitLocker encryption will be enabled by default on your PC, especially if you bought a laptop or a pre-built desktop. However, if it isn’t enabled, here’s how you can do it yourself:

  1. Open the Settings app and select Privacy & security in the menu on the left.
  2. Click Device encryption.
    Screenshot of Privacy & security page in Windows 11 Settings app with Device encryption option highlighted

  3. You can simply enable encryption by changing the Device encryption toggle to On.
  4. Alternatively, click BitLocker drive encryption to manage encryption settings in Control Panel.
  5. Find the drive you want to encrypt (if you have multiple) and click Turn on BitLocker.
    Screenshot of BitLocker Drive Encryption Settings on Windows 11 with option to turn on BitLocker highlighted

  6. Choose a location to save your decryption key. If you have a Microsoft account linked to your Windows 11 install, you can back it up to your Microsoft account; otherwise, you can save it to a local file or print it and store it somewhere safe.
    Screenshot of BitLocker setup asking the user where to save the recovery key. The Microsoft account option is highlighted.

  7. Choose Encrypt used disk space only to encrypt your drive faster and click Next. The slower option is generally unnecessary unless you have an older PC with a lot of data stored on it.
    Screenshot of BitLocker setup asking the user whether to encrypt the entire drive or only used disk space.

  8. Choose New encryption mode (the default setting) and click Next.
    Screenshot of BitLocker setup asking the user whether to use the new encryption mode or the compatible mode.

  9. Enable the Run BitLocker system check checkbox, and click Continue.
    Screenshot of BitLocker setup with the option to run a BitLocker system check highlighted.

  10. You’ll be prompted to restart the computer and your drive will begin encrypting.

That’s all there is to enabling BitLocker. If you backed up your decryption key to your Microsoft account, you can find it on this page. All your encrypted PCs and drives will be here.

How to turn off BitLocker

If you’re no longer interested in using BitLocker for whatever reason, you can follow these steps to disable it.

  1. Open the Settings app and choose Privacy & security on the left-side menu.
  2. Click Device encryption.
  3. Choose BitLocker drive encryption to open the Control Panel

    If you previously enabled encryption using the Device encryption toggle, you can disable it in the Settings app. If you used BitLocker in the Control Panel, this option isn’t available.

    Screenshot of Device encryption settings with BitLocker encryption enabled

  4. Click Turn off BitLocker next to the drive you want to decrypt.
    Screenshot of BitLocker drive encryption page in Control Panel with the option to disable BitLocker encryption highlighted

  5. Confirm your choice by clicking Turn off BitLocker again.
    Screenshot of BitLocker drive encryption in Control Panel showing a confirmation prompt to turn off BitLocker.

  6. Your drive will begin decrypting, which may take a long time, depending on how many files you have.

Once the process finishes, your data will no longer be encrypted and anyone with physical access to the computer could be able to read it. It’s not generally recommended to disable BitLocker, but it might be useful if you move a drive to a new PC, for example.

How to use device encryption on Windows 11 Home

If you’re using Windows 11 Home but still want to make sure your data is encrypted, the process is very similar but somewhat simpler.​​​​​​

  1. Open the Settings app and choose Privacy & security from the menu on the left.
  2. Click Device encryption.
  3. Set the Device encryption toggle to On.
    Screenshot of the Windows 11 Settings app with device encryption enabled

  4. The encryption process will begin automatically.

Some devices may not support encryption, so if you don’t see the option, don’t be too alarmed. Your decryption key is backed up to your Microsoft account, so you must have one linked to your PC to encrypt your drive. You can find your decryption keys here. However, if you’d like to save a copy of your key, you can follow these steps:

  1. Open the Control Panel. You can search for Control Panel in the Start menu to find it.
  2. Select System & security.
    Screenshot of the Control Panel on Windows 11 with the System & Security section highlighted

  3. Click Device encryption.
    Screenshot of the System & security section in the Control Panel with the Device encryption option highlighted

  4. Click Back up your recovery key next to your drive.
    Screenshot of Device encryption page in Control Panel with option to back up the recovery key highlighted

  5. Choose a location for the backup. You can save it to a file or print it. There’s also an Azure AD option if you happen to have an account, but most Windows 11 Home users likely won’t.

    If you’re using a file, you’ll need to choose a location other than the encrypted drive.

    Screenshot of BitLocker drive encryption prompt asking users where to save a recovery key

That’s about it for enabling device encryption on Windows 11 Home. Disabling encryption is equally simple. Just head over to the Device encryption page in the Settings app and set the toggle to Off.

BitLocker encryption is one of the many security features in Windows 11, and if you’d like to learn more about that, you may want to check out how to use Smart App Control, a new feature in Windows 11 version 22H2. We also have a guide on how to turn off Microsoft Defender if that interests you.

link

By admin