One of the reasons to take prudent security measures on our PCs and laptops is the presence of sensitive and critical data. If you are a person who keeps crucial information on your drives, then you can encrypt the drive and data in it, to keep it safe from hackers and prying eyes. And you don’t have to go looking for specialized software too. The BitLocker in Windows 10 can encrypt the internal as well as external drives for you.
Encryption allows you to password-protect your essential saved data. The people who know the encryption key/password can access the data without any trouble. To others without a key, data may seem gibberish and unreadable if tried to read it directly or via a 3rd party tool.
What is BitLocker Windows 10?
BitLocker is the encryption mechanism provided by Microsoft to ensure there is no unauthorized access to your system drives. It works very well and offers the best security when used with a TPM (Trusted Platform Module) version 1.2 chip.
The TPM chip is a hardware component that is provided by most manufacturers nowadays to ensure their end-users data security. TPM makes sure that there is no tampering done in an offline state of the system.
There are two types of BitLocker drive encryption. You don’t need to select any kind of encryption yourself as Windows 10 does it for you. However, knowing the details below can help you understand the difference between encrypting a flash drive and encrypting a hard drive.
- BitLocker Drive Encryption: This process is applied by Windows 10 when you encrypt an entire drive. When this encryption is applied, and the PC is booted, a system reserved partition is used to load the Windows boot loader, and then there is a prompt to add a password (or decryption method you selected). Once you add the password, BitLocker will decrypt the drive and load Windows. You can access your drive generally after that.
- BitLocker To Go: This method is used when a flash or external drive is encrypted using BitLocker. After encryption, whenever you connect the flash drive, you will be asked for a password or smart card (the decryption way you opt for). Once entered, you can access the files in external drives.
In both scenarios, you are asked the password. However, in case of entire drive encryption, you need to add a decryption key during the booting process. BitLocker Drive Encryption modifies the boot sector, while the other method doesn’t make any critical changes in the system.
What do you need to encrypt a hard drive in Windows 10?
There are some prior checks and minimum requirements to get started with the encryption of your hard drive in Windows 10. Let’s see what those checks are and how to get through those checks.
1. Windows 10 Professional or Enterprise version – the BitLocker feature is not available in Windows 10 Home version. You can use device encryption to use BitLocker in Windows 10 Home.
If you are unsure about your Windows 10 version, then do the following. Go to File Explorer, right-click on This PC. Select Properties from the context menu. Under Windows edition, you will see the version/edition of your system.
It is Windows 10 Pro in our case. For Home users, it will be “Windows 10 Home”.
2. TPM Chip – Many manufacturers provide you with this chip. You can check if your system has a TPM chip using the steps mentioned below.
3. Hard drive partition formatted using NTFS
4. Uninterrupted power supply, otherwise you will damage your hard drive. Take special care of this as the data loss may not be recovered.
Now, let’s see how to check the TPM chip in your Windows 10 system. And don’t panic if you don’t find it. There are ways to implement BitLocker without a TPM chip, which is covered in the later section of this article.
How to Check the Presence of a TPM Chip on your Windows 10 System?
There are three ways to check if a TPM chip is present or not. You can check with any of the ways convenient for you.
1. Using Run
The easiest way to check the presence of a TPM chip is by using Run.
To do so, press Windows key + R to open Run, type tpm.msc in the text box and then hit Enter or click on OK.
You will see information related to TPM in the window, which opens, as shown in the image below.
If you don’t have TPM, then there will be an error message showing ‘Compatible TPM cannot be found’.
2. Use Device Manager
With some users, this way won’t work, but there is no need to worry. You can still opt for the 1st and 3rd way of finding TPM.
Press Windows key + X to open the quick link menu and click on Device Manager. Now, in the device manager, search for Security devices and expand it. You will see a Trusted Platform Module with the version number.
3. Refer Manufacturer Manual or Website
You can check the manufacturer manual that came with the system. Optionally, you can go to their official website and get the needed information with your device’s model name or series number.
Once you check whether TMP is present or not on your system, you can refer to the required section.
How to Encrypt a Drive using BitLocker in Windows 10 with TPM?
If your system has a Trusted Platform Module chip, then you don’t need to perform some extra steps. You can directly start with the encryption.
Note: It is recommended to back up the entire Windows system before starting with the encryption. You can take the backup with the help of the system image in Windows 10.
Once you are done with the backup, you can use Bitlocker Windows 10 to encrypt the drive.
Step 1: Go to ‘This PC’ from File Explorer and right-click on it. From the context menu, choose Turn on BitLocker.
Optionally, you can also search ‘manage BitLocker’ in the start menu and click on Manage BitLocker to open it. There you will see the Turn on BitLocker option.
Both the ways will turn on BitLocker for you.
Step 2: Next, choose how you will save the recovery key. The options are to save it in the cloud, in the file, or print it. You can select the way which is convenient for you. Once done with the selection, click on Next.
Step 3: You will be asked ‘How much of your drive to encrypt?’ – encrypt the entire drive and encrypt the used drive. You can select the one you want.
If you want your encryption process to be faster, then go for encrypting the used drive. And if you have enough time in hand, then opt for encrypting the entire drive.
Click on Next after selecting the appropriate option.
Step 4: Check the checkbox next to the ‘Run BitLocker system check’ and click on Continue. This will restart your system, so make sure you save all your work before clicking on Continue.
Step 5: Now, click on Restart now option.
The encryption process can take time, so make sure your laptop/computer is connected to an uninterrupted power source.
How to Encrypt a Drive using BitLocker in Windows 10 without TPM?
If your PC doesn’t have a TPM chip, then you need to tweak into the local group policy editor in Windows 10.
Follow the instructions given below to encrypt the drive without TPM.
Type local group policy in the search menu and click on Edit group policy from the search result.
Once the Group Policy Editor opens, navigate to Computer Configuration ➜ Administrative Templates ➜ Windows Components ➜ BitLocker Drive Encryption by expanding each folder.
Under the BitLocker Drive Encryption, click on Operating System Drives. On the right frame, double click on ‘Require additional authentication at startup’.
Click on Enabled and also make sure the checkbox next to Allow BitLocker without a compatible TPM is checked.
Click on Apply and then OK. Close the Group Policy Editor.
Once this is done, you can refer to the steps mentioned in the above section ‘Encrypt a drive using BitLocker in Windows 10 with TPM’.
How to Turn Off BitLocker?
There might be instances when you wish to disable the BitLocker Windows 10. Well, it is very easy to turn off BitLocker.
Step 1: Type manage BitLocker in the search menu and open Manage BitLocker from the control panel.
Step 2: Under Operating System drive, click on Turn off BitLocker.
Now, wait till decryption takes place. Once decryption is done, your Windows system won’t ask for a password when booted.
How to Encrypt an External or Flash Drive using BitLocker in Windows 10?
You can encrypt the data present in any particular flash drive or external drives. At times the flash drives and external drives may store more critical and sensitive data than your hard drives. Hence, sometimes, a need to encrypt these drives can also arise.
Even Windows 10 home users can encrypt external drives using third-party applications like VeraCrypt. To get more details about the same, you can refer to our guide on how to encrypt a flash drive in Windows 10.
BitLocker can help you encrypt drives in Windows Pro and Enterprise editions. With the detailed steps given above, you can easily encrypt any type of drive, be it external or internal, in a convenient way. You need to check the initial requirements to get started with the encryption process. You can also disable BitLocker in Windows 10 when you no longer need the protection of your drives.
(Article updated on 27th April 2020)