Device Encryption in Windows
Applies To
Windows 11, Windows 10
Device Encryption is a Windows feature that enables BitLocker encryption automatically for the Operating System drive and fixed drives. It’s particularly beneficial for everyday users who want to ensure their personal information is safe without having to manage complex security settings.
When you first sign in or set up a device with a Microsoft account, or work or school account, Device Encryption is turned on and a recovery key is attached to that account. If you're using a local account, Device Encryption isn't turned on automatically.
Unlike BitLocker Drive Encryption, which is available on Windows Pro, Enterprise, or Education editions, Device Encryption is available on a wider range of devices, including those running Windows Home.
Enable Device Encryption
If your device didn't automatically enable Device Encryption, here are the steps to enable it:
- Sign in to Windows with an administrator account
- In the Settings app on your Windows device, select Privacy & security > Device encryption or use the following shortcut:
  Note: If Device encryption doesn't appear, it's either unavailable on your device, or you might be signed in with a standard user account.
- Use the toggle button to turn Device Encryption On
Why isn't Device Encryption available?
Here are the steps to determine why Device Encryption might not be available:
- From Start, type System Information, right-click System Information in the list of results, then select Run as administrator
- In the System Summary - Item list, look for the value of Automatic Device Encryption Support or Device Encryption Support
The value describes the support status of Device Encryption:
- Meets prerequisites: Device Encryption is available on your device
- TPM is not usable: your device doesn't have a Trusted Platform Module (TPM), or the TPM isn't enabled in the BIOS or in the UEFI
- WinRE is not configured: your device doesn't have Windows Recovery Environment configured
- PCR7 binding is not supported: Secure Boot is disabled in the BIOS/UEFI, or you have peripherals connected to your device during boot (like specialized network interfaces, docking stations, or external graphics cards)
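As a command-line complement to the System Information steps above, the following added example (not part of the original page) checks the prerequisites behind the three failure values directly. It assumes an elevated Windows PowerShell session and English `reagentc` output; the function name `Test-DeviceEncryptionPrerequisite` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: one check per failure value listed above.
# Test-DeviceEncryptionPrerequisite is a hypothetical name, not a Windows cmdlet.

function Test-DeviceEncryptionPrerequisite {
    $result = [ordered]@{}

    # "TPM is not usable": no TPM, or TPM not enabled in BIOS/UEFI.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        if (-not $tpm.TpmPresent) {
            $result['TPM'] = 'No TPM detected'
        } elseif (-not $tpm.TpmReady) {
            $result['TPM'] = 'TPM present but not ready (check BIOS/UEFI settings)'
        } else {
            $result['TPM'] = 'OK'
        }
    } catch {
        $result['TPM'] = "Could not query TPM: $($_.Exception.Message)"
    }

    # "WinRE is not configured": Windows Recovery Environment is disabled.
    # Assumption: English output, which contains "Windows RE status: Enabled".
    $reagent = reagentc.exe /info 2>&1 | Out-String
    if ($reagent -match 'Windows RE status:\s+Enabled') {
        $result['WinRE'] = 'OK'
    } else {
        $result['WinRE'] = 'Not enabled (or output not in English)'
    }

    # "PCR7 binding is not supported": Secure Boot disabled is one cause.
    # Peripherals attached during boot are the other and are not checked here.
    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) {
            $result['SecureBoot'] = 'OK'
        } else {
            $result['SecureBoot'] = 'Disabled in UEFI'
        }
    } catch {
        $result['SecureBoot'] = 'Not available (legacy BIOS or state unreadable)'
    }

    [pscustomobject]$result
}

Test-DeviceEncryptionPrerequisite | Format-List
```

If every check reports OK but System Information still shows "PCR7 binding is not supported", disconnect docking stations and other boot-time peripherals and check the value again.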