Help & learning for Windows 11 is coming soon!

In the meantime, check out what's available for Windows 10 on the Windows 10 tab.

Learn more about Windows 11

Windows 11 logo on a blue background

What is device encryption?

Device encryption helps protect your data, and it's available on a wide range of Windows devices. If you turn on device encryption, the data on your device can only be accessed by people who've been authorized. If device encryption isn't available on your device, you may be able to turn on standard BitLocker encryption instead. 

Note: BitLocker is not available on Windows 10 Home edition.

Normally when you access your data it's through Windows 10 and has the usual protections associated with signing into Windows 10. If somebody wants to bypass those Windows protections they could open the computer case and remove the physical hard drive. Then by adding your hard drive as a second drive on a machine they control, they may be able to access your data without needing your credentials.

If your drive is encrypted, however, when they try to use that method to access the drive they'll have to provide the decryption key (which they shouldn't have) in order to access anything on the drive. Without the decryption key the data on the drive will just look like gibberish to them. 

Is it available on my device?

Device encryption is available on supported devices running any Windows 10 edition. If you want to use standard BitLocker encryption instead, it's available on supported devices running Windows 10 Pro, Enterprise, or Education. Some devices have both types of encryption. For example, a Surface Pro which runs Windows 10 Pro has both the simplified device encryption experience, and the full BitLocker management controls. Not sure which version of Windows you have? See Which Windows operating system am I running?

To see if you can use device encryption

  1. In the search box on the taskbar, type System Information, right-click System Information in the list of results, then select Run as administrator. Or you can select the Start  button, and then under Windows Administrative Tools, select System Information.

  2. At the bottom of the System Information window, find Device Encryption Support. If the value says Meets prerequisites, then device encryption is available on your device. If it isn't available, you may be able to use standard BitLocker encryption instead.

To turn on device encryption

  1. Sign in to Windows with an administrator account (you may have to sign out and back in to switch accounts). For more info, see Create a local or administrator account in Windows 10.

  2. Select the Start  button, then select Settings  > Update & Security > Device encryption. If Device encryption doesn't appear, it isn't available. You may be able to turn on standard BitLocker encryption instead.

  3. If device encryption is turned off, select Turn on.

To turn on standard BitLocker encryption

  1. Sign in to your Windows device with an administrator account (you may have to sign out and back in to switch accounts). For more info, see Create a local or administrator account in Windows 10.

  2. In the search box on the taskbar, type Manage BitLocker and then select it from the list of results. Or you can select the Start  button, and then under Windows System, select Control Panel. In Control Panel, select System and Security, and then under BitLocker Drive Encryption, select Manage BitLocker.

    Note: You'll only see this option if BitLocker is available for your device. It isn't available on Windows 10 Home edition.

  3. Select Turn on BitLocker and then follow the instructions. (If BitLocker is turned on and you want to turn it off, select Turn off BitLocker.)

Additional resources

If your device requires a recovery key to unlock, see Find your recovery key

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×