BitLocker offers the easiest and most secure way to encrypt your partition or hard drive in Windows. In order to prevent most offline physical attacks and firmware-level malware, you can encrypt the operating system drive with BitLocker. In this tutorial we’ll walk you through the steps to turn on BitLocker drive encryption on Windows 10 OS drive.
Note: BitLocker is only available in the Pro, Enterprise and Education editions of Windows 10. Before getting started, you need to find out if your computer has a TPM chip installed. When TPM is not available, you have to use group policy to enable additional authentication at startup.
How to Enable BitLocker on Windows 10 Operating System Drive
- Open the Control Panel in Large icons view, and then click BitLocker Drive Encryption.
- Click the Turn on BitLocker link to the right of your operating system drive.
- The system will check whether your PC meets the system requirements for using BitLocker. If everything’s OK, you’ll be prompted to save the BitLocker recovery key just in case you have problems unlocking your PC.
- In my case, I chose to save the recovery key to a file on external USB drive. Afterwards, click Next to continue.
- You’re asked to choose how much of your drive you want to encrypt: encrypt the used disk space only, or encrypt the entire drive to ensure no one can recover previously-deleted files.
- Next, you need to choose the encryption mode. New encryption mode is introduced since Windows 10 version 1511, so its encrypted drive can only be used on computers running Windows 10 (version 1511) or later.
- Make sure to check the “Run BitLocker system check” option, and click Continue.
- Restart your computer when asked.
- After the PC boots back up, Windows will encrypt your drive in the background. To check out the encryption progress, you can run the following command at an elevated Command Prompt:
manage-bde -status
- You can continue using your computer while the OS drive is being encrypted, but things may be running a little more slowly than usual.
If you’ve bought a brand-new computer with BitLocker turned on by default, make sure you recover and backup the BitLocker recovery key before you have trouble logging into Windows or you’re prompted for the recovery key during boot.