Windows 11 Device Encryption: How to Enable & Use it
Protect your data from unauthorized users
4 min. read
Updated on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Key notes
- If you want to keep all files safe on your drive, it's important to use device encryption.
- It's pretty simple to do that by using a built-in tool from Windows 11.
- You will have to protect important data with a password or a USB key but make sure you store them securely or another storage device.
If you want to protect your sensitive data, it’s important to use drive encryption on Windows 11.
And the great news is that the OS (except for the Home version) comes with a built-in tool to do that, called BitLocker.
Here, we will explain how to encrypt your hard drive on Windows 11 and use BitLocker on Microsoft’s operating system.
However, we will start by telling you a few things you should know about drive encryption and security.
What is drive encryption, and why do we need it?
Hard-drive encryption is the process of encrypting the data stored on a hard drive using mathematical functions.
This way, essential data will not be seen by anyone who doesn’t have access to the key or password you set up. This is an essential layer of security against ransomware and other online attacks.
Here’s how it works: when a file is written to the drive, it is encrypted automatically with the help of specialized software.
In the same way, when you access a file on the drive, the same tool decrypts it, but only if you can provide the password you set up when you encrypted the drive. Windows 11 comes with Device Encryption and BitLocker Encryption.
There’s a catch! You can’t use BitLocker if your PC has no TPM 2.0 chip installed. However, we have a workaround for that, too, so read on.
How to manage the encryption of my hard drive on Windows 11?
1. Enable hard drive encryption
1. Click the Search icon on your Taskbar.
2. Type BitLocker in the search box that opened and click on the app from the results.
3. Select Turn on BitLocker.
4. You will be prompted to select a method to unlock your drive at startup. We recommend using the password method but you can also use a USB key that you need to provide.
5. Enter the password and re-enter it, then click Next.
6. After that, you will be asked to save the key in another way too. You can save it in your Microsoft account, on a file, on a USB stick or just print it.
7. The next step is to choose whether you want to encrypt the whole drive or just the used part.
8. Make your selection, then click Next.
9. Now you need to choose the encryption mode you want to use. As you’re using Windows 11, you can go with the first option, for fixed drives, but you can also select the second one if you plan on moving your drive.
10. At last, check the Run BitLocker system check box and then click Continue.
11. You will now be prompted to Restart.
12. After the reboot, you will be prompted to enter the password to unlock your drive.
You can encrypt your disk on your Windows 11 device using the built-in BitLocker tool from Control Panel. This tool allows users to encrypt their data so that it is only accessible to those who either insert a designated USB drive upon booting, or input the required password.
2. Encrypt your drive if your PC is not TPM 2.0 compatible
If after you click on the BitLocker drive encryption from Device encryption you see the message that Device encryption is not available for this device, that means your PC is not TPM 2.0 ready.
Don’t worry, we can take care of that with a few easy steps to perform.
- Press the Windows key + R to start Run, type gpedit.msc and press Enter or click OK.
- In the Group Policy Editor, go to the following path:
Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
- Now double click the Require additional authentication at startup key to open it.
- Check the Enabled option from the top, then check the Allow BitLocker without compatible TPM (requires a password or a startup key on a USB flash drive) box, then click OK.
- Now, repeat the steps from the first solution to enable BitLocker encryption.
3. Disable drive encryption
If you have changed your mind and down want to use drive encryption on your Windows 11 PC, you can do that by following these steps:
- Click the Search icon from the Taskbar, type bitlocker and select the app from results.
- Now click on Turn off BitLocker.
- Confirm your choice clicking again on Turn off BitLocker.
- Wait until BitLocker finishes to decrypt your drive before restarting or shutting down your PC.
Encrypting the drive is essential for all sensitive data from your PC and will enforce an additional layer of protection against attacks and even prying eyes.
However, this can be a two-way street because if you don’t take all precautions in managing your unlocking keys or your password, you will be unable to access your data yourself. But many, when setting up the feature, found that Device Encryption is missing in Windows 11.
You might also be interested in our guide on how to protect a folder in Windows 11 and only secure certain files. You can check out more with our in-depth comparison of Device Encryption and BitLocker Encryption.
We hope our guide helped you enable drive encryption on Windows 11 and that your data is safe now.
If you have any questions or suggestions, write them down in a comment in the dedicated section below, and we will get back to you as soon as possible.
User forum
0 messages