BitLocker on Windows 11

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline.

System Requirements

  1. For BitLocker to use the system integrity check provided by a Trusted Platform Module (TPM), the computer must have TPM 1.2 or later.
  2. A computer with a TPM must also have a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware.
  3. The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support the USB mass storage device class, including reading small files on a USB flash drive in the pre-operating system environment.
  4. The operating system drive (or boot drive) contains the operating system and its support files. It must be formatted with the NTFS file system.
  5. BitLocker is available on Windows 11 Enterprise, Pro, and Education. It is not available for the Home edition.

BitLocker Types Available for Windows 11

  1. BitLocker – to encrypt and protect the operating system and fixed data drives
  2. BitLocker To Go – to encrypt removable drives, such as USB drives and memory cards, that are accessed from different devices.

Step 1: Check whether BitLocker is already enabled

Open an elevated PowerShell window on Windows 11 and run the following command:

Manage-bde -status

You can see Protection Status: Protection Off

This means BitLocker is not enabled and the drive is not protected.

Step 2: You can also check whether volume-level protection is enabled.

Get-BitLockerVolume

You can check specific volumes as well.

So far, we have established that BitLocker is not enabled on the device. Let's enable it.

Step 3: Open Windows 11 Settings > System > Storage

Advanced Storage Settings

Disks & volumes

Select the disk on which you want to enable BitLocker, then go to Properties

Click on Turn on BitLocker

Since I have joined the device to Azure Active Directory, I have selected Save to your Azure AD account

Click on Next

Select the Option and click on Next

Select Run BitLocker system check and click on Continue

Restart the device after enabling BitLocker

Now you can see that BitLocker is turned on

You can check again using the cmdlet and now see Protection Status: Protection On

The volume is also FullyEncrypted

In Azure AD, you can see that the BitLocker recovery key has been updated.
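
The checks in Steps 1 and 2 and the verification after enablement can be scripted so that gaps are flagged instead of read off the output by eye. This is an added example, not part of the original walkthrough: Test-BitLockerPosture is a hypothetical helper name, and the rules it applies (a recovery password protector must exist, the OS volume must have a TPM-based protector) are assumptions about what to require.

```powershell
#Requires -RunAsAdministrator
# Added example: audits the state that Steps 1-2 and the final checks inspect.
# Test-BitLockerPosture is a hypothetical helper name, not a built-in cmdlet.

function Test-BitLockerPosture {
    [CmdletBinding()]
    param(
        # Objects from Get-BitLockerVolume (or constructed objects with the same properties).
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume
    )
    process {
        $findings = @()
        # Protector types present on this volume, as strings (e.g. Tpm, RecoveryPassword).
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            $findings += 'Protection is Off (not enabled, or suspended)'
        }
        if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
            $findings += "Volume status is $($Volume.VolumeStatus) ($($Volume.EncryptionPercentage)% encrypted)"
        }
        if ($types -notcontains 'RecoveryPassword') {
            $findings += 'No recovery password protector, so nothing to escrow to Azure AD'
        }
        # Assumed rule: the OS volume should be bound to the TPM (Tpm, TpmPin, ...).
        if ("$($Volume.VolumeType)" -eq 'OperatingSystem' -and -not ($types -match '^Tpm')) {
            $findings += 'OS volume has no TPM-based protector'
        }

        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Compliant  = ($findings.Count -eq 0)
            Findings   = $findings -join '; '
        }
    }
}

# TPM state first, since the system requirements above depend on it.
Get-Tpm | Select-Object TpmPresent, TpmReady

# Audit every volume on this machine.
Get-BitLockerVolume | Test-BitLockerPosture | Format-Table -AutoSize -Wrap
```

A volume that is encrypted but reports Protection Off is typically suspended, which is why the script checks ProtectionStatus and VolumeStatus separately.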
