Help protect your files using BitLocker Drive Encryption


You can use BitLocker Drive Encryption to help protect your files on an entire drive. BitLocker can help block hackers from accessing the system files they rely on to discover your password, or from accessing your drive by physically removing it from your PC and installing it in a different one. You can still sign in to Windows and use your files as you normally would.

Note

Show all

To turn on BitLocker

Warning

  • When you turn on BitLocker for the first time, make sure you create a recovery key. Otherwise, you could permanently lose access to your files. For more info, see If I lose my recovery information, will the BitLocker-protected data be unrecoverable?

    If you use a screen reader app, you won’t be able to hear BitLocker screens that appear before the Welcome screen, such as the BitLocker PIN entry screen or the BitLocker recovery screen.

  1. Open BitLocker Drive Encryption by swiping in from the right edge of the screen, tapping Search (or if you're using a mouse, pointing to the upper-right corner of the screen, moving the mouse pointer down, and then clicking Search), entering BitLocker in the search box, tapping or clicking Settings, and then tapping or clicking BitLocker Drive Encryption.

  2. Tap or click Turn on BitLocker. Administrator permission required You might be asked for an admin password or to confirm your choice.

    The BitLocker Drive Encryption setup dialog box opens.

  3. Follow the instructions.

To turn off or temporarily suspend BitLocker

You can temporarily suspend BitLocker—for example, if you need to install new software that BitLocker might otherwise block—and then resume it when you're ready. Or you can turn off BitLocker entirely, which decrypts the drive and removes all BitLocker protection.

  1. Open BitLocker Drive Encryption by swiping in from the right edge of the screen, tapping Search (or if you're using a mouse, pointing to the upper-right corner of the screen, moving the mouse pointer down, and then clicking Search), entering BitLocker in the search box, tapping or clicking Settings, and then tapping or clicking BitLocker Drive Encryption.

  2. Do one of the following:

    • To temporarily suspend BitLocker, tap or click Suspend protection. Administrator permission required You might be asked for an admin password or to confirm your choice. Once you've done that, tap or click Yes.

    • To turn off BitLocker and decrypt the drive, tap or click the Turn off BitLocker link. Administrator permission required You might be asked for an admin password or to confirm your choice. Once you've done that, tap or click the Turn off BitLocker button.

What happens if I add more files to an encrypted drive?

New files are automatically encrypted when you add them to a drive that uses BitLocker. However, if you copy these files to another drive or a different PC, they're automatically decrypted.

Where can I use BitLocker?

BitLocker can encrypt the drive Windows is installed on (the operating system drive) as well as fixed data drives (such as internal hard drives). You can also use BitLocker To Go to help protect all files stored on a removable data drive (such as an external hard drive or USB flash drive).

Show all

If you encrypt the operating system drive

BitLocker checks the PC during startup for any conditions that could represent a security risk (for example, a change to the BIOS software that starts the operating system when you turn on your PC, or changes to any startup files). If a potential security risk is detected, BitLocker will lock the operating system drive and you'll need a special BitLocker recovery key to unlock it.

You can choose how to unlock the operating system drive when you turn on your PC—with a startup key or a PIN, for example. For more info about startup keys and PINs and how they work, see What is the difference between a TPM owner password, recovery password, recovery key, password, PIN, enhanced PIN, and startup key? To learn more about the TPM, see What are the advantages of a TPM?

If you encrypt a data drive

You can choose how you want to unlock an encrypted data drive: with a password or a smart card. For fixed data drives, you can also set the drive to automatically unlock when you unlock the PC, if you prefer, as long as the operating system drive is BitLocker-protected. For removable data drives encrypted with BitLocker To Go, you can set the drive to automatically unlock when you sign in to the PC.

For more info about creating a strong password, see Passwords in Windows: FAQ.




Need more help?