Disk encryption is an essential security measure for safeguarding data on Windows systems. BitLocker is a built-in feature that provides robust full-disk encryption, making the contents unreadable without the correct decryption key. By relying on advanced cryptographic methods, it helps maintain data confidentiality in situations where the physical device might be lost, stolen, or accessed by unauthorized users.
Systems equipped with a Trusted Platform Module (TPM) can use it to securely store cryptographic keys, enabling seamless drive unlocking during startup. However, BitLocker also supports password-based or USB-based methods for devices without a TPM chip, ensuring broad compatibility. In both cases, the encryption process is transparent to legitimate users and helps prevent unauthorized access.
BitLocker To Go extends these encryption capabilities to portable drives, such as external hard disks and USB flash drives. These removable media maintain protection when used on other Windows machines, safeguarding sensitive information during file transfers or collaboration. Built on AES encryption with options like XTS-AES, BitLocker offers strong disk-level protection for both fixed and removable storage.
Steps to encrypt a drive using BitLocker:
- Open Control Panel and navigate to System and Security.
  You can quickly access Control Panel by pressing Windows + R, typing control, and hitting Enter.
- Select BitLocker Drive Encryption.
- Click Turn on BitLocker next to the drive you want to encrypt.
- Choose your unlock method.
  - TPM: The drive will automatically unlock when the computer starts if TPM is available.
  - Password: You will need to create a strong password to unlock the drive.
  - USB key: Use a USB flash drive that stores the decryption key to unlock the drive.
- Save the recovery key to a secure location.
  - Microsoft account
  - A file on another drive
  - Print it and store it safely
- Select whether to encrypt the entire drive or just the used space.
- Choose New encryption mode for internal drives or Compatible mode for external drives.
- Click Start Encrypting to begin the process.
  Encryption may take time depending on the size of the drive. It is recommended not to turn off or restart your computer until encryption is complete.
- Wait for the encryption to complete. The drive will now be protected by BitLocker.
```
C:\> manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 10.0.19041
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Volume C: [OS]
[OS Volume]

    Size:                 237.87 GB
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: Unknown
    Key Protectors:
        TPM
        Numerical Password
```
Use manage-bde -status to check encryption status and key protectors.
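
As an added example (not part of the original article), this Python code parses saved manage-bde -status text and lists why a volume fails three checks drawn from the steps above: fully encrypted, protection on, and a recovery password present. The function names, the choice of checks, and the second volume in the sample are assumptions made for illustration, and the parser expects English-language output.

```python
import re
# Constructed sample (English-locale output assumed): C: is abridged from the
# output on this page; E: is an invented volume that fails every check.
SAMPLE = """\
Volume C: [OS]
[OS Volume]
    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Key Protectors:
        TPM
        Numerical Password

Volume E: [DATA]
[Data Volume]
    Conversion Status:    Encryption in Progress
    Encryption Method:    AES 128
    Protection Status:    Protection Off
    Key Protectors:
        Password
"""

def parse_status(text):
    """Parse manage-bde -status text into {drive: {field: value}}."""
    volumes, current, in_protectors = {}, None, False
    for line in map(str.strip, text.splitlines()):
        header = re.match(r"Volume ([A-Z]:)", line)
        if header:  # start of a new volume section
            current = volumes.setdefault(header.group(1), {"Key Protectors": []})
            in_protectors = False
        elif current is None or not line or line.startswith("["):
            continue  # banner text, blank line, or a "[OS Volume]" style tag
        elif in_protectors:  # names listed under "Key Protectors:"
            current["Key Protectors"].append(line)
        else:
            key, _, value = line.partition(":")
            in_protectors = key == "Key Protectors"
            if not in_protectors:
                current[key] = value.strip()
    return volumes

def audit(volume):
    """Return the reasons a parsed volume fails the checks (empty = pass)."""
    checks = [  # "Numerical Password" is manage-bde's name for the recovery password
        (volume.get("Conversion Status") == "Fully Encrypted", "not fully encrypted"),
        (volume.get("Protection Status") == "Protection On", "protection is off"),
        ("Numerical Password" in volume["Key Protectors"], "no recovery password protector"),
    ]
    return [reason for ok, reason in checks if not ok]
```

Feed parse_status the text captured from each machine, then call audit on every volume it returns; any non-empty list names what to fix on that drive.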

Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.