BitLocker – Windows Blog by Brink

BitLocker

Find BitLocker Recovery Key in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

BitLocker is the Windows encryption technology that protects your data from unauthorized access by encrypting your drive and requiring one or more factors of authentication before it will unlock it.

Windows will require a BitLocker recovery key when it detects a possible unauthorized attempt to access the data. This extra step is a security precaution intended to keep your data safe and secure. This can also happen if you make changes in hardware, firmware, or software which BitLocker cannot distinguish from a possible attack. In these cases, BitLocker may require the extra security of the recovery key even if the user is an authorized owner of the device. This is to be certain that the person trying to unlock the data really is authorized.

Your BitLocker recovery key is a unique 48-digit numerical password that can be used to unlock your system if BitLocker is otherwise unable to confirm for certain that the attempt to access the system drive is authorized.

Where to find your BitLocker recovery key depends on how you backed it up.

This tutorial will show you how to find your BitLocker recovery key for a drive in Windows 10 and Windows 11.

Read more…

Check BitLocker Drive Encryption Status of Drive in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

You can turn on BitLocker to encrypt the operating system drive (Windows drive), fixed data drives (internal hard drives), and removable data drives (external hard drive or USB flash drive).

Knowing the current BitLocker Drive Encryption status of a drive can help you to manage BitLocker settings for the drive.

This tutorial will show you how to check the current status of BitLocker Drive Encryption for a drive in Windows 10 and Windows 11.

Read more…

Back up BitLocker Recovery Key in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

BitLocker is the Windows encryption technology that protects your data from unauthorized access by encrypting your drive and requiring one or more factors of authentication before it will unlock it.

Windows will require a BitLocker recovery key when it detects a possible unauthorized attempt to access the data. This extra step is a security precaution intended to keep your data safe and secure. This can also happen if you make changes in hardware, firmware, or software which BitLocker cannot distinguish from a possible attack. In these cases, BitLocker may require the extra security of the recovery key even if the user is an authorized owner of the device. This is to be certain that the person trying to unlock the data really is authorized.

Your BitLocker recovery key is a unique 48-digit numerical password that can be used to unlock your system if BitLocker is otherwise unable to confirm for certain that the attempt to access the system drive is authorized.

This tutorial will show you how to back up the BitLocker recovery key for a drive in Windows 10 and Windows 11.

Read more…

Change how BitLocker Unlocks OS Drive at Startup in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

New files are automatically encrypted when you save them to a drive encrypted by BitLocker. However, if you copy these files to another drive or a different PC not encrypted by BitLocker, the files are automatically decrypted.

BitLocker checks the PC during startup for any conditions that could represent a security risk (for example, a change to the BIOS software that starts the operating system when you turn on your PC, or changes to any startup files). If a potential security risk is detected, BitLocker will lock the operating system drive and you’ll need a special BitLocker recovery key to unlock it.

BitLocker will automatically unlock an OS drive encrypted by BitLocker with TPM at startup by default in Windows 11.

You can enable the Require additional authentication at startup policy to allow BitLocker to unlock the operating system drive with a PIN or USB flash drive.

This tutorial will show you how to choose how to unlock your operating system drive at startup with a PIN, USB flash drive, or automatically with TPM in Windows 11.

Read more…

Enable or Disable BitLocker to Unlock OS drive at Startup with PIN and USB in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

New files are automatically encrypted when you save them to a drive encrypted by BitLocker. However, if you copy these files to another drive or a different PC not encrypted by BitLocker, the files are automatically decrypted.

BitLocker checks the PC during startup for any conditions that could represent a security risk (for example, a change to the BIOS software that starts the operating system when you turn on your PC, or changes to any startup files). If a potential security risk is detected, BitLocker will lock the operating system drive and you’ll need a special BitLocker recovery key to unlock it.

BitLocker will automatically unlock an OS drive encrypted by BitLocker with TPM at startup by default in Windows 11.

You can enable the Require additional authentication at startup policy to allow BitLocker to unlock the operating system drive with a PIN or USB flash drive.

This tutorial will show you how to enable or disable BitLocker to unlock the operating system drive at startup with a PIN or USB flash drive in Windows 10 and Windows 11.

Read more…

Turn Off BitLocker for Drive in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

You can turn on BitLocker to encrypt the operating system drive (Windows drive), fixed data drives (internal hard drives), and removable data drives (external hard drive or USB flash drive).

When you turn off BitLocker for a drive encrypted by BitLocker, it will completely decrypt the drive.

This tutorial will show you how to turn off BitLocker for an encrypted drive in Windows 10 and Windows 11.

Read more…

Turn On or Off Auto-unlock for BitLocker Drive in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

You can turn on BitLocker to encrypt the operating system drive (Windows drive), fixed data drives (internal hard drives), and removable data drives (external hard drive or USB flash drive).

If BitLocker has been turned on for the operating system drive, you can set BitLocker to automatically unlock fixed data drives and removable data drives encrypted by BitLocker when you sign in to Windows. BitLocker uses encrypted information stored in the registry and volume metadata to unlock any drives that use automatic unlocking.

This tutorial will show you how to turn on or off auto-unlock for a fixed or removable data drive encrypted by BitLocker for your account in Windows 10 and Windows 11.

Read more…

Add or Remove Turn on BitLocker context menu in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

You can turn on BitLocker to encrypt the operating system drive (Windows drive), fixed data drives (internal hard drives), and removable data drives (external hard drive or USB flash drive).

This tutorial will show you how to add or remove the Turn on BitLocker context menu for drives for all users in Windows 10 and Windows 11.

Read more…

Add Suspend BitLocker protection to Context Menu in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

You can use BitLocker to encrypt the operating system drive (Windows drive), fixed data drives (internal hard drives), and removable data drives (external hard drive or USB flash drive).

You can temporarily suspend BitLocker protection (pause) whenever you like for an unlocked drive encrypted by BitLocker (for example, if you need to install new software that BitLocker might otherwise block) and then resume BitLocker protection on the drive again when you’re ready.

Suspend keeps the data encrypted but encrypts the BitLocker volume master key with a clear key. The clear key is a cryptographic key stored unencrypted and unprotected on the disk drive. By storing this key unencrypted, the Suspend option allows for changes or upgrades to the computer without the time and cost of decrypting and re-encrypting the entire drive. After the changes are made and BitLocker is again enabled, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade; the volume master key is changed, the protectors are updated to match, and the clear key is erased.

When you suspend BitLocker protection for an OS drive, it will remain unlocked and unprotected until you either manually resume BitLocker protection for the drive, or have it resume BitLocker protection automatically the next time you restart the PC.

When you suspend BitLocker protection for a fixed data drive, it will remain unlocked and unprotected until you manually resume BitLocker protection for the drive. This is even after you restart the PC.

When you suspend BitLocker protection for a removable data drive, it will remain unlocked and unprotected until you manually resume BitLocker protection for the drive. This is even after you restart the PC, or disconnect and reconnect the drive.

This tutorial will show you how to add Suspend BitLocker protection to the context menu of all unlocked drives encrypted by BitLocker for all users in Windows 10 and Windows 11.

Read more…

Add BitLocker Status for Drive Context Menu in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

You can use BitLocker to encrypt the operating system drive (Windows drive), fixed data drives (internal hard drives), and removable data drives (external hard drive or USB flash drive).

The BitLocker Status context menu uses the manage-bde -status command to provide information about a drive on the computer, whether or not it is BitLocker-protected, including:

  • Size
  • BitLocker version
  • Conversion status
  • Percentage encrypted
  • Encryption method
  • Protection status
  • Lock status
  • Identification field
  • Key protectors

Knowing the current BitLocker Drive Encryption status of a drive can help you to manage BitLocker settings for the drive.

This tutorial will show you how to add BitLocker Status to the context menu of all drives in Windows 10 and Windows 11.

Read more…

Add Lock Drive with BitLocker Context Menu in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

You can use BitLocker to encrypt the operating system drive (Windows drive), fixed data drives (internal hard drives), and removable data drives (external hard drive or USB flash drive).

You can choose how you want to unlock an encrypted data drive: with a password or a smart card. For removable data drives encrypted with BitLocker To Go, you can set the drive to automatically unlock when you sign in to the PC. For fixed data drives, you can also set the drive to automatically unlock when you unlock the PC, if you prefer, as long as the operating system drive is BitLocker-protected.

To lock a fixed data drive encrypted by BitLocker, you could restart the computer unless you set the drive to automatically unlock when you sign in next.

To lock a removable data drive encrypted by BitLocker To Go, you could disconnect the drive or restart the computer unless you set the drive to automatically unlock when you connect the drive or sign in next.

This tutorial will show you how to add Lock Drive to the context menu of all unlocked fixed and removable drives encrypted by BitLocker to lock the drive on demand in Windows 11.

Read more…

Add Turn off BitLocker context menu in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

You can use BitLocker to encrypt the operating system drive (Windows drive), fixed data drives (internal hard drives), and removable data drives (external hard drive or USB flash drive).

When you turn off BitLocker for a drive encrypted by BitLocker, it will completely decrypt the drive.

This tutorial will show you how to add or remove a Turn off BitLocker context menu for all drives encrypted by BitLocker for all users in Windows 11.

Read more…

Turn On BitLocker for Removable Data Drive in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

New files are automatically encrypted when you save them to a drive encrypted by BitLocker. However, if you copy these files to another drive or a different PC not encrypted by BitLocker, the files are automatically decrypted.

BitLocker To Go is BitLocker Drive Encryption on removable data drives. This includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems.

You can choose to unlock BitLocker for a removable data drive with a password or a smart card. Once the drive is encrypted, you can set it to automatically unlock when you sign in to Windows.

This tutorial will show you how to turn on or off BitLocker To Go to encrypt or decrypt a removable data drive in Windows 10.

Read more…

Turn On BitLocker for Fixed Data Drive in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

New files are automatically encrypted when you save them to a drive encrypted by BitLocker. However, if you copy these files to another drive or a different PC not encrypted by BitLocker, the files are automatically decrypted.

You can choose to unlock BitLocker for a fixed data drive automatically if BitLocker is turned on for the OS drive, or with a password or smart card.

This tutorial will show you how to turn on BitLocker to encrypt a fixed data drive in Windows 11.

Read more…

Turn On BitLocker for Operating System Drive in Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned OS drives and computers.

New files are automatically encrypted when you save them to a drive encrypted by BitLocker. However, if you copy these files to another drive or a different PC not encrypted by BitLocker, the files are automatically decrypted.

BitLocker checks the PC during startup for any conditions that could represent a security risk (for example, a change to the BIOS software that starts the operating system when you turn on your PC, or changes to any startup files). If a potential security risk is detected, BitLocker will lock the operating system drive and you’ll need a special BitLocker recovery key to unlock it.

You can choose to unlock BitLocker at startup for the operating system drive with a PIN, with a USB flash drive, or automatically with TPM.

This tutorial will show you how to turn on BitLocker Drive Encryption for an operating system drive in Windows 11.

Read more…

How to Enable or Disable Use of BitLocker on Removable Data Drives in Windows

You can use BitLocker Drive Encryption to help protect your files on an entire drive. BitLocker can help block hackers from accessing the system files they rely on to discover your password, or from accessing your drive by physically removing it from your PC and installing it in a different one. You can still sign in to Windows and use your files as you normally would.

New files are automatically encrypted when you add them to a drive that uses BitLocker. However, if you copy these files to another drive or a different PC, they’re automatically decrypted.

BitLocker can encrypt the drive Windows is installed on (the operating system drive) as well as fixed data drives (such as internal hard drives). You can also use BitLocker To Go to help protect all files stored on a removable data drive (such as an external hard drive or USB flash drive).

If you like, you can configure the Control use of BitLocker on removable drives group policy setting that controls the use of BitLocker on removable data drives. When this policy setting is enabled you can select property settings that control how users can configure BitLocker. Choose “Allow users to apply BitLocker protection on removable data drives” to permit the user to run the BitLocker setup wizard on a removable data drive. Choose “Allow users to suspend and decrypt BitLocker on removable data drives” to permit the user to remove BitLocker Drive encryption from the drive or suspend the encryption while maintenance is performed. If you do not configure this policy setting, users can use BitLocker on removable disk drives. If you disable this policy setting, users cannot use BitLocker on removable disk drives.

This tutorial will show you how to enable or disable the ability to configure and use BitLocker on removable data drives for all users in Windows 7, Windows 8, and Windows 10.

Read more…

How to Check if Device Encryption is Supported in Windows 10

Device encryption helps protect your data, and it’s available on a wide range of Windows devices. If you turn on device encryption, the data on your device can only be accessed by people who’ve been authorized. If device encryption isn’t available on your device, you may be able to turn on standard BitLocker encryption instead.

Device encryption is available on supported devices (ex: tablet or 2-in-1 laptop) running any Windows 10 edition. If you want to use standard BitLocker encryption instead, it is only available on supported devices running Windows 10 Pro, Enterprise, or Education. Some devices have both types of encryption. BitLocker is not available on Windows 10 Home edition.

This tutorial will show you how to check if device encryption is supported by your Windows 10 PC.

Read more…

How to Turn On or Off Device Encryption in Windows 10

Device encryption helps protect your data, and it’s available on a wide range of Windows devices. If you turn on device encryption, the data on your device can only be accessed by people who’ve been authorized. If device encryption isn’t available on your device, you may be able to turn on standard BitLocker encryption instead.

Device encryption is available on supported devices (ex: tablet or 2-in-1 laptop) running any Windows 10 edition. If you want to use standard BitLocker encryption instead, it is only available on supported devices running Windows 10 Pro, Enterprise, or Education. Some devices have both types of encryption. BitLocker is not available on Windows 10 Home edition.

This tutorial will show you how to turn on or off device encryption in Windows 10.

Read more…

How to Create BitLocker Encrypted Container File with a VHD or VHDX File in Windows

You can use BitLocker Drive Encryption to help protect your files on an entire drive. BitLocker can help block hackers from accessing the system files they rely on to discover your password, or from accessing your drive by physically removing it from your PC and installing it in a different one. You can still sign in to Windows and use your files as you normally would.

New files are automatically encrypted when you add them to a drive that uses BitLocker. However, if you copy these files to another drive or a different PC, they’re automatically decrypted.

BitLocker can encrypt the drive Windows is installed on (the operating system drive) as well as fixed data drives (such as internal hard drives). You can also use BitLocker To Go to help protect all files stored on a removable data drive (such as an external hard drive or USB flash drive).

You can also use BitLocker to encrypt a VHD or VHDX (virtual hard disk) file mounted as a drive. You can copy and move this VHD or VHDX file to any Windows computer as a portable encrypted container file. When you mount the VHD or VHDX file on a computer and try to open the encrypted drive for it, you will be prompted for your BitLocker password before it will open.

When the BitLocker drive for the VHD or VHDX file is unlocked, you can save files to it like any other drive, and lock or unmount the drive whenever you like to secure it.

This tutorial will show you how to create a portable BitLocker encrypted container file using a mounted VHD or VHDX file in Windows 7, Windows 8, and Windows 10.

Read more…

How to Find BitLocker Recovery Key in Windows 10

You can use BitLocker to encrypt the operating system drive (drive Windows is installed on), fixed data drive (internal hard drive) or removable data drive (external hard drive or USB flash drive).

If you lost or don’t know your BitLocker key (ex: password, PIN, USB) but you have your BitLocker recovery key for an encrypted OS, fixed, or removable drive, you can use that recovery key to unlock your drive. The BitLocker recovery key is a 48-digit number stored in your computer.

You have the following options to select from when you back up your BitLocker recovery key:

  • Save to your Microsoft account
  • Save to a USB flash drive
  • Save to a file
  • Print the recovery key

This tutorial will show you how to find your BitLocker recovery key for a drive in Windows 10.

Read more…