BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline.
- For BitLocker to use the system integrity check provided by a Trusted Platform Module (TPM), the computer must have TPM 1.2 or later.
- A computer with a TPM must also have a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware.
- The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support the USB mass storage device class, including reading small files on a USB flash drive in the pre-operating system environment.
- The operating system drive (or boot drive) contains the operating system and its support files. It must be formatted with the NTFS file system.
- BitLocker is available on Windows 11 Enterprise, Pro, and Education. It is not available for the Home Edition.
BitLocker Types Available for Windows 11
- BitLocker – to encrypt and protect the operating system drive and fixed data drives.
- BitLocker To Go – to encrypt removable drives, such as USB drives and memory cards, that are accessed from different devices.
Step 1: Check whether BitLocker is already enabled.
Open PowerShell in an elevated window on Windows 11 and run the following command.
You can see the Protection Status: Protection Off,
which means BitLocker is not enabled and the drive is not protected.
Step 2: You can also check whether volume-level protection is enabled.
You can check for specific Volumes as well.
So far, we have established that BitLocker is not enabled on the device. Let's enable it.
Step 3: Open Windows 11 Settings — System — Storage
Disks & volumes
Select the disk on which you want to enable BitLocker — go to Properties
Click on Turn on BitLocker
Since I have joined the device to Azure Active Directory, I selected Save to your Azure AD Account
Click on Next
Select the option and click on Next
Select Run BitLocker system check and click on Continue
Restart the device after enabling BitLocker
Now you can see that BitLocker is turned on
You can check again using the cmdlet and see that the Protection Status is now Protection On
The volume is also FullyEncrypted
In Azure AD, you can see that the BitLocker recovery key has been updated.
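
The checks from Steps 1 and 2 and the verification after enabling can be combined into one per-volume report. The following is an added example, not code from the original article: it reads the ProtectionStatus, VolumeStatus and KeyProtector properties returned by the `Get-BitLockerVolume` cmdlet and flags any volume that is unprotected, not fully encrypted, or missing a recovery password protector. The helper name `Get-BitLockerSummary` and the sample volumes are assumptions made up for the illustration.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell window.
# Get-BitLockerSummary is a hypothetical helper name; the sample volumes are constructed.
function Get-BitLockerSummary {
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    process {
        # Names of the key protectors present on the volume (Tpm, RecoveryPassword, ...)
        $types = @($Volume.KeyProtector | Where-Object { $_ } |
                   ForEach-Object { "$($_.KeyProtectorType)" })
        $issues = @()
        if ("$($Volume.ProtectionStatus)" -ne 'On') { $issues += 'protection is off' }
        if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
            $issues += "volume status is $($Volume.VolumeStatus)"
        }
        # Without a recovery password there is nothing to back up to Azure AD
        if ($types -notcontains 'RecoveryPassword') {
            $issues += 'no recovery password protector'
        }
        [pscustomobject]@{
            MountPoint       = $Volume.MountPoint
            ProtectionStatus = "$($Volume.ProtectionStatus)"
            VolumeStatus     = "$($Volume.VolumeStatus)"
            KeyProtectors    = $types -join ', '
            Issues           = if ($issues) { $issues -join '; ' } else { 'none' }
        }
    }
}

# Constructed sample objects mirroring the "before" and "after" states in the article
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; ProtectionStatus = 'Off'
        VolumeStatus = 'FullyDecrypted'; KeyProtector = @() },
    [pscustomobject]@{ MountPoint = 'D:'; ProtectionStatus = 'On'
        VolumeStatus = 'FullyEncrypted'
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'Tpm' },
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) }
)
$sample | Get-BitLockerSummary | Format-Table -AutoSize

# On a real device, feed the live volumes through the same check
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume | Get-BitLockerSummary | Format-Table -AutoSize
}
```

A volume that reports `none` under Issues matches the end state the walkthrough reaches; the report does not confirm that the recovery key was actually escrowed to Azure AD, which still has to be checked in the directory.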