Windows 11 Device Encryption: How to Enable & Use it
Protect your data from unauthorized users
- If you want to keep all files safe on your drive, it's important to use device encryption.
- It's pretty simple to do that by using a built-in tool from Windows 11.
- You will have to protect important data with a password or a USB key but make sure you store them securely or another storage device.
If you want to protect your sensitive data, it’s important to use drive encryption on Windows 11.
And the great news is that the OS (except for the Home version) comes with a built-in tool to do that, called BitLocker.
Here we will explain how to encrypt your hard drive on Windows 11 and also how to use BitLocker on Microsoft’s operating system.
However, we will start by telling you a few things you should know about drive encryption and security.
What is drive encryption and why do we need it?
Hard-drive encryption is the process of encrypting the data stored on a hard drive using mathematical functions.
This way, important data will not be seen by anyone who doesn’t have access to the key or password you set up. This is an important layer of security against ransomware and other online attacks.
Here’s how it works: when a file is written to the drive, it is encrypted automatically with the help of specialized software.
In the same way, when you access a file on the drive, the same tool decrypts it, but only if you can provide the password you set up when you encrypted the drive.
There’s a catch! You can’t use BitLocker if your PC doesn’t have a TPM 2.0 chip installed. However, we have a workaround for that too so read on.
How to manage the encryption of my hard drive on Windows 11?
1. Enable hard drive encryption
You can encrypt your disk on your Windows 11 device using the built-in BitLocker tool from Control Panel. This tool allows users to encrypt their data so that it is only accessible to those who either insert a designated USB drive upon booting, or input the required password.
1. Click the Search icon on your Taskbar.
2. Type BitLocker in the search box that opened and click on the app from the results.
3. Select Turn on BitLocker.
4. You will be prompted to select a method to unlock your drive at startup. We recommend using the password method but you can also use a USB key that you need to provide.
5. Enter the password and re-enter it, then click Next.
Some PC issues are hard to tackle, especially when it comes to corrupted repositories or missing Windows files. If you are having troubles fixing an error, your system may be partially broken.
We recommend installing Restoro, a tool that will scan your machine and identify what the fault is.
Click here to download and start repairing.
6. After that, you will be asked to save the key in another way too. You can save it in your Microsoft account, on a file, on a USB stick or just print it.
7. The next step is to choose whether you want to encrypt the whole drive or just the used part.
8. Make your selection, then click Next.
9. Now you need to choose the encryption mode you want to use. As you’re using Windows 11, you can go with the first option, for fixed drives, but you can also select the second one if you plan on moving your drive.
10. At last, check the Run BitLocker system check box and then click Continue.
11. You will now be prompted to Restart.
12. After the reboot, you will be prompted to enter the password to unlock your drive.
2. Encrypt your drive if your PC is not TPM 2.0 compatible
If after you click on the BitLocker drive encryption from Device encryption you see the message that Device encryption is not available for this device, that means your PC is not TPM 2.0 ready.
Don’t worry, we can take care of that with a few easy steps to perform.
- Press the Windows key + R to start Run, type gpedit.msc and press Enter or click OK.
- In the Group Policy Editor, go to the following path:
Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
- Now double click the Require additional authentication at startup key to open it.
- Check the Enabled option from the top, then check the Allow BitLocker without compatible TPM (requires a password or a startup key on a USB flash drive) box, then click OK.
- Now repeat the steps from the first solution to enable BitLocker encryption.
3. Disable drive encryption
If you have changed your mind and down want to use drive encryption on your Windows 11 PC, you can do that by following these steps:
- Click the Search icon from the Taskbar, type bitlocker and select the app from results.
- Now click on Turn off BitLocker.
- Confirm your choice clicking again on Turn off BitLocker.
- Wait until BitLocker finishes to decrypt your drive before restarting or shutting down your PC.
Encrypting the drive is essential for all sensitive data from your PC and will enforce an additional layer of protection against attacks and even prying eyes.
However, this can be a two-way street because if you don’t take all precautions in managing your unlocking keys or your password, you will end up not being able to access your data yourself.
You might also be interested in our guide on how to protect a folder in Windows 11 and only secure certain files.
We hope that our guide helped you enable drive encryption on Windows 11 and your data is safe now.
If you have any questions or suggestions, write them down in a comment on the dedicated section below and we will get back to you as soon as possible.
Still having issues? Fix them with this tool:
If the advices above haven't solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.