If your PC were lost or stolen, you'd probably cringe at the cost of replacing it. But that's nothing compared to what you'd stand to lose if someone had unfettered access to the data on that device. Even if they can't sign in using your Windows user account, a thief could boot from a removable device and browse the contents of the system drive with impunity.

The most effective way to stop that nightmare scenario is to encrypt the entire device so that its contents are only available to you or someone with the recovery key.

All editions of Windows 10 since version 1511 (released in November 2015) include XTS-AES 128-bit device encryption options that are robust enough to protect against even the most determined attacks. Using management tools, you can increase the encryption strength to XTS-AES 256. On modern devices, the encryption code also performs pre-boot system integrity checks that detect attempts to bypass the boot loader.

BitLocker is the brand name that Microsoft uses for the encryption tools available in business editions of Windows (desktop and server). A limited but still effective subset of BitLocker device encryption features is also available in Windows 10 Home editions. Here's how to make sure your data is protected.

That action removes the clear key, uploads a recovery key to the user's OneDrive account, and encrypts the data on the system drive.

On self-encrypting solid-state drives that support hardware encryption, Windows 10 will offload the work of encrypting and decrypting data to the hardware. Note that a vulnerability in this feature, first disclosed in November 2018, could expose data under certain circumstances. In those cases, you'll need a firmware upgrade for the SSD; until that upgrade is available, you can switch to software encryption using the instructions in this Microsoft Security Advisory: Guidance for configuring BitLocker to enforce software encryption.

Note that Windows 10 still supports the much older Encrypted File System feature. This is a file- and folder-based encryption system that was introduced with Windows 2000. For virtually all modern hardware, BitLocker is a superior choice.

Hardware requirements

The most important hardware feature required to support BitLocker Device Encryption is a Trusted Platform Module chip, or TPM. The device also needs to support the Modern Standby feature (formerly known as InstantGo). Virtually all devices that were originally manufactured for Windows 10 meet these requirements.

Managing BitLocker

For the most part, BitLocker is a set-it-and-forget-it feature. After you enable encryption for a drive, it doesn't require any maintenance. You can, however, use tools built into the operating system to perform a variety of management tasks. The simplest tools are available in the Windows graphical interface, but only if you are running Windows 10 Pro or Enterprise. Open File Explorer, right-click any drive icon, and click Manage BitLocker.
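The points above about encryption strength, hardware offload and the recovery key can be checked from an elevated PowerShell prompt. The following read-only audit is an added example, not part of the original article; the function name Get-BitLockerAudit and the wording of its findings are assumptions made for illustration, and it relies on the Get-BitLockerVolume cmdlet from the BitLocker module.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of BitLocker state on local volumes.
# Get-BitLockerAudit is a hypothetical helper name; it changes nothing on disk.
function Get-BitLockerAudit {
    foreach ($vol in Get-BitLockerVolume) {
        $method     = [string]$vol.EncryptionMethod
        $protectors = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        $findings   = @()

        # Data is only protected once the volume is encrypted and protection is on.
        if ([string]$vol.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "volume status is $($vol.VolumeStatus)"
        }
        if ([string]$vol.ProtectionStatus -ne 'On') {
            $findings += 'protection is off'
        }

        # Self-encrypting drives: the work is offloaded to the SSD firmware,
        # which is the case covered by the Microsoft advisory mentioned above.
        if ($method -like 'Hardware*') {
            $findings += 'hardware encryption in use; review the SSD firmware advisory'
        }
        elseif ($method -eq 'XtsAes128') {
            $findings += 'XTS-AES 128 in use; XTS-AES 256 is available via management tools'
        }

        # Without a recovery password there is nothing to fall back on
        # if the TPM refuses to release the key.
        if ($protectors -notcontains 'RecoveryPassword') {
            $findings += 'no recovery password protector'
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            Method     = $method
            Protectors = $protectors -join ','
            Findings   = if ($findings) { $findings -join '; ' } else { 'none' }
        }
    }
}

Get-BitLockerAudit | Format-Table -AutoSize -Wrap
```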