Windows 11 enable BitLocker

How to enable BitLocker on Windows 11

Here are the instructions to enable BitLocker on virtually any drive on Windows 11.

  • To enable BitLocker on Windows 11, open Settings > Storage > Advance storage settings > Disks & volumes, open the “Properties” page for the drive to encrypt, and click on “Turn on BitLocker.”
  • In the Control Panel, click on “Turn on BitLocker” for the system drive and continue with the directions, choosing the “Encrypt used disk space only” and “New encryption mode” options.
  • BitLocker is only available on Windows 11 Pro. If you have Windows 11 Home, you have to use the “device encryption” feature (if available).

UPDATED 8/7/2024: On Windows 11, you can enable BitLocker in at least three ways to encrypt data on the main installation drive, external storage, or even a USB flash drive using “BitLocker To Go.” In this guide, I will show you how.

BitLocker is a security feature that allows you to use encryption on a drive to protect your data from unauthorized access to your documents, pictures, and any kind of data you may have on the computer. The feature is available on Windows 11 Pro, Enterprise, and Education. While it’s not part of the Home edition, Windows 11 still provides device encryption for specific devices, such as Surface Pro, Laptop, and others that meet the minimum requirements.

When turning on encryption on the drive, any data becomes scrambled using the Advanced Encryption Standard (AES) encryption algorithm to encrypt the entire drive. No one can access it without the correct password, even if you share the file with other people.

Windows 11 offers two types of encryption: “BitLocker” to encrypt and protect the operating system and fixed data drives and “BitLocker To Go” to encrypt removable drives that can be accessed from different devices.

BitLocker requires a Trusted Platform Module (TPM) chip for the best experience, and since you can’t install Windows 11 on a device without TPM, it’s no longer necessary to check and configure the security feature.

If you have an older version, such as Windows 10, you can turn on BitLocker with TPM or software-based encryption, but it requires additional authentication steps.

In this guide, I will teach you how to manage BitLocker on a Windows 11 drive, fixed and data drives, and USB removable storage.

Enable BitLocker encryption on Windows 11

To turn on BitLocker on a Windows 11 drive, use these steps:

  1. Open Settings on Windows 11.

  2. Click on Storage.

  3. Click on Advanced storage settings under the “Storage management” section.

  4. Click the Disks & volumes page.

    Disks & volumes

  5. Select the drive with the volume to encrypt.

  6. Choose the volume to enable BitLocker encryption and click the Properties button.

    Settings app drive properties

  7. Click the “Turn on BitLocker” option.

    Windows 11 turn on BitLocker option

  8. Click the “Turn on BitLocker” option under the “Operating system drive” section in the Control Panel.

    BitLocker Windows 11 drive encryption

  9. Click the “Let BitLocker automatically unlock my device” option.

    Let BitLocker automatically unlock my device

    Important: If this option isn’t available, you will be directed to the next page, as shown in step 10. If you choose the “Enter a PIN” or “Insert a USB flash drive” option, the operating system will always prompt you for the PIN or flash drive before starting up to unlock your device.
  10. Select the option to back up the recovery key. For example, you can use “Save to your Microsoft account.”

    Save encryption key to Microsoft account

  11. Click the Next button.

  12. Select the “Encrypt used disk space only” option.

    Encrypt used disk space only

  13. Click the Next button.

  14. Select the “New encryption mode” option.

    New encryption mode

    Quick note: If you intend to encrypt a drive you will use on an older version of Windows, you should choose the Compatible mode option.
  15. Click the Next button.

  16. (Optional) Check the “Run BitLocker system check” option.

    BitLocker system check

  17. Click the Restart now button.

Once you complete the steps, the computer will restart to enable BitLocker. However, depending on the data available on the drive, BitLocker will continue to encrypt the used space in the background.

If you used the Microsoft account option to save the BitLocker recovery key, you can later find the keys in the device BitLocker recovery keys section of your account.

You can disable BitLocker on Windows 11 if you no longer need the feature or are performing a task that can cause problems, such as setting up a dual-boot system with Linux.

Enable BitLocker on fixed data drive on Windows 11

To turn BitLocker on a secondary drive, use these steps:

  1. Open Settings.

  2. Click on Storage.

  3. Click on Advanced storage settings under the “Storage management” section.

  4. Click the Disks & volumes page.

    Disks & volumes

  5. Select the drive with the volume to encrypt.

  6. Choose the volume to enable BitLocker encryption and click the Properties button.

    Settings app drive properties

  7. Click the “Turn on BitLocker” option.

    Windows 11 turn on BitLocker option

  8. Click the “Turn on BitLocker” option under the “Fixed data drives” section in the Control Panel.

    Enable BitLocker fixed drive

  9. Check the “Use a password to unlock the drive” option.

    BitLocker password unlock drive settings

  10. Create and confirm the password to unlock the BitLocker drive.

  11. Click the Next button.

  12. Select the option to save the recovery key. For example, “Save to your Microsoft account.”

    Save recovery key on Microsoft account

  13. Click the Next button.

  14. Select the “Encrypt used disk space only” option.

    Encrypt used disk space only

  15. Click the Next button.

  16. Select the “New encryption mode” option.

    New encryption mode

  17. Click the Next button.

  18. Click the Start encrypting button.

    Start encryption fixed data drive

  19. Click the Close button.

After you complete the steps, BitLocker will encrypt the entire volume on the secondary drive.

Enable BitLocker To Go on USB flash drive on Windows 11

To set up BitLocker To Go on a USB flash drive on Windows 11, use these steps:

  1. Open Settings.

  2. Click on Storage.

  3. Click on Advanced storage settings under the “Storage management” section.

  4. Click the Disks & volumes page.

    Disks & volumes

  5. Select the drive with the volume to encrypt.

  6. Choose the volume to enable BitLocker encryption and click the Properties button.

    Settings app drive properties

  7. Click the “Turn on BitLocker” option.

    Windows 11 turn on BitLocker option

  8. Click the “Turn on BitLocker” option under the “Removable data drives BitLocker To Go” section in the Control Panel.

    Enable BitLocker To Go on Windows 11

  9. Check the “Use a password to unlock the drive” option.

    Configure BitLocker To Go recovery

  10. Create and confirm the password to unlock the BitLocker drive.

  11. Click the Next button.

  12. Select the option to save the recovery key. For example, “Save to your Microsoft account.”

    Save BitLocker To Go key on Microsoft account

  13. Click the Next button.

  14. Select the “Encrypt used disk space only” option.

    BitLocker To Go encrypt used disk space only

  15. Click the Next button.

  16. Select the Compatible mode option.

    BitLocker To Go compatibly mode

  17. Click the Next button.

  18. Click the Start encrypting button.

  19. Click the Close button.

Once you complete the steps, the data inside the USB portable drive will be encrypted with BitLocker To Go.

BitLocker is one of the many security features available on Windows 11. I have also created another comprehensive guide with the best security features you should consider configuring and using on Windows 11.

Are you using this encryption feature on your computer? Let me know in the comments.

Update August 7, 2024: This guide has been updated to ensure accuracy and reflect changes to the process.

About the author

Mauro Huculak is a Windows How-To Expert who started Pureinfotech in 2010 as an independent online publication. He has also been a Windows Central contributor for nearly a decade. Mauro has over 15 years of experience writing comprehensive guides and creating professional videos about Windows and software, including Android and Linux. Before becoming a technology writer, he was an IT administrator for seven years. In total, Mauro has over 21 years of combined experience in technology. Throughout his career, he achieved different professional certifications from Microsoft (MSCA), Cisco (CCNP), VMware (VCP), and CompTIA (A+ and Network+), and he has been recognized as a Microsoft MVP for many years. You can follow him on X (Twitter), YouTube, LinkedIn and About.me. Email him at [email protected].