Sign in with Microsoft
New to Microsoft? Create an account.

Device encryption helps protect your data and it's available on a wide range of Windows devices.

Normally when you access your data it's through Windows and has the usual protections associated with signing into Windows. If somebody wants to bypass those Windows protections, however, they could open the computer case and remove the physical hard drive. Then by adding your hard drive as a second drive on a machine they control, they may be able to access your data without needing your credentials.

If your drive is encrypted, however, when they try to use that method to access the drive, they'll have to provide the decryption key (which they shouldn't have) in order to access anything on the drive. Without the decryption key the data on the drive will just look like gibberish to them. 

Your browser does not support video. Install Microsoft Silverlight, Adobe Flash Player, or Internet Explorer 9.

Having trouble playing the video? Watch it on YouTube.

Is BitLocker asking for your recovery key? See Find your BitLocker recovery key. 

Is it available on my device?

BitLocker encryption is available on supported devices running Windows 10 or 11 Pro, Enterprise, or Education. 

On supported devices running Windows 10 or newer BitLocker will automatically be turned on the first time you sign into a personal Microsoft account (such as @outlook.com or @hotmail.com) or your work or school account.

BitLocker is not automatically turned on with local accounts, however you can manually turn it on in the Manage BitLocker tool.

To manage BitLocker encryption

Tap Start  and in the search box, type Manage BitLocker and then select it from the list of results.

The Manage BitLocker settings in Windows.

Note: You'll only see this option if BitLocker is available for your device. It isn't available on Windows Home edition.

If you have BitLocker turned on for your device, it's important to be sure you have the Recovery Key backed up somewhere. If BitLocker thinks an unauthorized user is trying to access the drive it will lock the system and ask for the BitLocker recovery key. If you don't have that key, you won't be able to access the drive, and Microsoft support doesn't have access to the recovery keys either so they can't provide it to you, or create a new one, if it's been lost.

It only takes a few moments to back up your recovery key. For more info see Back up your BitLocker recovery key.

If your device doesn't support BitLocker, you may be able to use Windows Device Encryption instead.

To see if you can use Windows device encryption

  1. In the search box on the taskbar, type System Information, right-click System Information in the list of results, then select Run as administrator. Or you can select the Start  button, and then under Windows Administrative Tools, select System Information.

  2. At the bottom of the System Information window, find Device Encryption Support. If the value says Meets prerequisites, then device encryption is available on your device. 

To turn on Windows device encryption

  1. Sign in to Windows with an administrator account (you may have to sign out and back in to switch accounts). For more info, see Create a local or administrator account in Windows 10.

  2. Select the Start  button, then select Settings  > Update & Security > Device encryption. If Device encryption doesn't appear, it isn't available. 

  3. If device encryption is turned off, select Turn on.

Additional resources

Back up your BitLocker recovery key

Finding your BitLocker recovery key in Windows

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×