BitLocker Encryption

Bitlocker for Microsoft Operating System

BitLocker drive encryption protects data and the operating system while the operating system is offline by preventing the drive from being tampered with. BitLocker drive encryption utilizes a TPM, either discrete or firmware, that adheres to the Trusted Computing Group's Static Root of Trust Measurement standard.

BitLocker secures your device automatically
BitLocker automatic device encryption encrypts internal drives automatically once the user completes the Out Of Box Experience (OOBE) on Modern Standby or HSTI-compliant devices.

BitLocker automatically encrypts your device throughout the out-of-the-box experience (OOBE). However, protection is only enabled (armed) when users sign in using a Microsoft Account or an Azure Active Directory account. Protection is paused until that time, and data is not safeguarded. When local accounts are used, BitLocker automatic device encryption is disabled. In this situation, BitLocker can be manually enabled via the BitLocker Control Panel.

Protect your BitLocker Drive Encryption Recovery Key with a backup.

The BitLocker recovery key is critical, and you should keep it in a highly convenient and secure position on each device that you can readily recall. If you lose the physical recovery key for a BitLocker encrypted drive, you will be unable to unlock the computer/drive without the backup recovery key. As a result, all of your data is lost.

Backup BitLocker Drive Encryption Recovery Key

By following the methods below, you can create a backup key in the event that you lose the master decryption key.

1. Press the Windows Key + Q key combination and type BitLocker. Select the Manage BitLocker entry from the search results.

2. In the BitLocker Drive Encryption window, locate the drive for which you require a recovery key at the time. Back up your recovery key by clicking on Back up your recovery key.

3. In the subsequent window, you have three backup options for your recovery key. You can save it to your Microsoft account, a text file, or print it for a physical copy. You should save it as a text file, as this was the simplest option. Save the text file in a location that you will not forget, such as My Documents.

4. After saving the text file, open it and scroll down to the bottom to look for the recovery key. This method, you've created a backup of the chosen computer's recovery key. This process must be repeated for each machine setup with Bitlocker, and a new unique recovery key must be created.