How to Enable BitLocker

Overview

What is BitLocker:

BitLocker Drive Encryption is a native security feature that encrypts everything on the drive that Windows is installed on. Device encryption helps protect your data by encrypting it. Only someone with the right encryption key (such as a personal identification number) can decrypt it.

How does it work:

BitLocker is used in conjunction with a hardware component called a Trusted Platform Module (TPM). The TPM is a smartcard-like module on the motherboard that is installed in many newer computers by the computer manufacturer. BitLocker stores its recovery key in the TPM (version 1.2 or higher).

When you enable BitLocker, you create 

a personal identification number (PIN) that will be required to enter each time you start up your computer. While enabling BitLocker, a recovery key is generated. The recovery key is used to gain access to your computer should you forget your password. After the recovery key is generated you will be prompted to restart the machine. The encryption process begins when the computer reboots.

Note: You should print or save the recovery key and store it in a safe place apart from your computer. 

Requirements

To use BitLocker, your computer must satisfy certain requirements:

• Supported operating systems:
  • Windows 10 - Education, Pro, or Enterprise edition
  • Windows 8 — Professional or Enterprise edition
  • Windows 7 — Enterprise or Ultimate edition
• For Windows 7, the Trusted Platform Module (TPM) version 1.2 or higher must be installed. It must also be enabled and activated (or turned on).

Additional requirements:

• You must be logged in as an administrator.
• You must have access to a printer to print the recovery key.

Enabling BitLocker

If your computer meets the Windows version and TPM requirements, the process for enabling BitLocker is as follows:

1. Click Start , click Control Panel, click System and Security (if the control panel items are listed by category), and then click BitLocker Drive Encryption.
2. Click Turn on BitLocker.
   
   
3. BitLocker scans your computer to verify that it meets the system requirements.
   • If your computer meets the system requirements, the setup wizard continues with the BitLocker Startup Preferences in step 8.
   • If preparations need to be made to your computer to turn on BitLocker, they are displayed. Click Next.
4. 
5. If prompted to do so, remove any CDs, DVDs, and USB flash drives from your computer and then click Shutdown.
   
   
6. Turn your computer back on after shutdown. Follow the instructions in the message to continue initializing the TMP. (The message varies, depending on the computer manufacturer).
   
   
7. If your computer shuts down again, turn it back on.
8. The BitLocker setup wizard resumes atomically. Click Next.
   
   
9. When the BitLocker startup preferences page is displayed, click Require a PIN at every startup.
   
   
10. Enter a PIN from 8 to 20 characters long and then enter it again in the Confirm PIN field. Click Set PIN.
    Note: You will need to enter your PIN each time you start your computer.
    
    
11. To store your recovery key, select Print the recovery key and then click Next.
    Note: Make sure your computer is connected to a printer.
    
    
12. Print a copy of your recovery key.
    
    
13. You will be prompted to restart your computer to start the encryption process. You can use your computer while your drive is being encrypted