BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline.

System Requirements

  1. For BitLocker to use the system integrity check provided by a Trusted Platform Module (TPM), the computer must have TPM 1.2 or later.
  2. A computer with a TPM must also have a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware.
  3. The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support the USB mass storage device class, including reading small files on a USB flash drive in the pre-operating system environment.
  4. The operating system drive (or boot drive) contains the operating system and its support files. It must be formatted with the NTFS file system.
  5. BitLocker is available on Windows 11 Enterprise, Pro, and Education. It is not available for the Home edition.

BitLocker Types Available for Windows 11

  1. BitLocker – encrypts and protects the operating system and fixed data drives.
  2. BitLocker To Go – encrypts removable drives, such as USB drives and memory cards, that are accessed from different devices.

Step 1: Check whether BitLocker is already enabled

Open PowerShell on Windows 11 in an elevated window and run the following command:

manage-bde -status

In the output, Protection Status shows Protection Off, which means BitLocker is not enabled and the volume is not protected.

Step 2: You can also check whether volume-level protection is enabled:

Get-BitLockerVolume

You can check specific volumes as well.

So far, we have established that BitLocker is not enabled on the device. Let's enable it.

Step 3: Open Windows 11 Settings > System > Storage.

Open Advanced storage settings.

Open Disks & volumes.

Select the disk on which you want to enable BitLocker and go to Properties.

Click Turn on BitLocker.

Since I have joined the device to Azure Active Directory, I selected Save to your Azure AD account.

Click Next.

Select the option and click Next.

Select Run BitLocker system check and click Continue.

Restart the device after enablement.

Now you can see that BitLocker is turned on.

You can check using the cmdlet and see that Protection Status now shows Protection On.

The volume is also FullyEncrypted.

In Azure AD, you can see that the BitLocker recovery key has been updated.
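The manual checks in this guide (Protection Status, volume status, presence of a recovery key) can be run against every volume in one pass. The PowerShell below is an added example, not part of the original article; the function name Get-BitLockerAuditResult and the wording of the findings are assumptions made for illustration.

```powershell
# Added example (not from the original article): read-only BitLocker audit.
# Run in an elevated PowerShell session on the Windows 11 device.
function Get-BitLockerAuditResult {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume   # one object emitted by Get-BitLockerVolume
    )
    process {
        # Key protector types on this volume, as strings (Tpm, RecoveryPassword, ...)
        $types = @($Volume.KeyProtector | Where-Object { $_ } |
            ForEach-Object { [string]$_.KeyProtectorType })
        $findings = @()
        if ([string]$Volume.ProtectionStatus -ne 'On') {
            $findings += 'Protection is off'
        }
        if ([string]$Volume.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "Volume is $($Volume.VolumeStatus), $($Volume.EncryptionPercentage)% encrypted"
        }
        # Without a recovery password there is nothing to save to Azure AD.
        if ($types -notcontains 'RecoveryPassword') {
            $findings += 'No recovery password protector'
        }
        # The OS drive should be sealed to the TPM to get the integrity check.
        if ([string]$Volume.VolumeType -eq 'OperatingSystem' -and -not ($types -like 'Tpm*')) {
            $findings += 'OS volume has no TPM-based protector'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Compliant  = ($findings.Count -eq 0)
            Protectors = $types -join ', '
            Findings   = $findings -join '; '
        }
    }
}

# TPM prerequisite from the System Requirements list.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    Write-Warning 'TPM is not present or not ready.'
}

# Evaluate every volume; non-compliant rows list what to fix.
Get-BitLockerVolume | Get-BitLockerAuditResult | Format-List
```

The script only reads local state. Whether the recovery key actually reached Azure AD still has to be confirmed in the directory, as in the last step above.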
