Change how BitLocker Unlocks OS Drive at Startup in Windows 11 – Windows Blog by Brink

Change how BitLocker Unlocks OS Drive at Startup in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

New files are automatically encrypted when you save them to a drive encrypted by BitLocker. However, if you copy these files to another drive or a different PC not encrypted by BitLocker, the files are automatically decrypted.

BitLocker checks the PC during startup for any conditions that could represent a security risk (for example, a change to the BIOS software that starts the operating system when you turn on your PC, or changes to any startup files). If a potential security risk is detected, BitLocker will lock the operating system drive and you’ll need a special BitLocker recovery key to unlock it.

BitLocker will automatically unlock a OS drive encrypted by BitLocker with TPM at startup by default in Windows 11.

You can enable the Require additional authentication at startup policy to allow BitLocker to unlock the operating system drive with a PIN or USB flash drive.

This tutorial will show you how to choose how to unlock your operating system drive at startup with a PIN, USB flash drive, or automatically with TPM in Windows 11.

Read more…