Full Disk Encryption on Windows 10 with BitLocker
In this tutorial, we will show you how to do a full disk encryption on Windows 10 Professional using Microsoft BitLocker, which only works on Windows 10 Pro (not Windows 10 Home). And it is preferable to be on a machine with TPM (Trusted Platform Module) which is a chip on your machine that can store the decryption key. You can tell if you have TPM by clicking on “TPM Administration” on the below screenshot.
1. In Windows Setting, search for “BitLocker” …
2. In the above screenshot, click on “Turn on BitLocker” for the “c:” drive.
If it comes up with this error message …
That means that your machine does not have TPM. This tutorial will proceed assuming that you do not have TPM on your machine.
3. To set to allow without a TPM using the “Local Group Policy Editor”, do Windows-r and type gpedit.msc …
4. Navigate to the path shown and double-click on “Require additional authentication at startup”
5. Select “Enabled” and checkmark “Allow BitLocker without a compatible TPM” as shown …
6. Remember to click the “Okay” at the bottom.
7. Now turn on BitLocker again. It will work and now asks for you to choose a unlock option…
8. Then it asks how you want to save your recovery key.
Remember that if anyone gets your recovery key, they can decrypt your disk. If you save your recovery key to Microsoft Account, it can be retrieved from https://onedrive.live.com/recoverykey
9. For new computers, you can choose to encrypt used space, but otherwise you should encrypt entire drive as shown …
10. Then choose encryption mode…
11. Next it will run system check and reboot…
12. After reboot, you can see in status bar that encryption is in progress…
You are able to continue working while it is encrypting. You can even shut down your machine. It will resume where it left off the next time you boot up.
13. Once encryption completes, it should look like this …
If you ever need to turn off BitLocker, you can do so in settings shown above.