How to Enable or Turn Off BitLocker on Windows 11

If you are using Windows 10, then you must have already heard about BitLocker. Microsoft has launched a BitLocker feature with Windows 10 to protect users’ data. BitLocker is one type of encryption that encrypts your data against unauthorized access. If you have enabled BitLocker for any folder or driver, then BitLocker will encrypt everything in that folder. No one can access that folder or drive without a Bitlocker password or key. The same feature is available in Windows 11 too.

Requirements to Use BitLocker on Windows 11

There are some specific requirements to use BitLocker on Windows 11. Here is a list of requirements.

  1. Windows 11 Pro, Education, or Enterprise
  2. Trusted Platform Module chip (TPM) support is required
  3. Two drive partitions are required: system partition and operating system partition
  4. The operating system partition has an NTFS file system
  5. Admin access is required

How to Check Whether TPM is Enabled or Not?

Step 1: Open the Run command box with the Windows + R button on your keyboard.

Step 2: In the run command box, type tpm.msc command and then press enter. This command will open a Trusted Platform Module (TPM) Management window.

Type tpm.msc command and press enter

You can check if TPM is installed on your computer or not, along with the TPM version.

Step 3: You should see the ‘The TPM is ready for use’ message below Status.

The TPM is ready for use’ message

If your system has TPM and is not ready to use, you have to enable it using BIOS/UEFI firmware manually. Once done, the following are the ways through which one can easily turn on or turn off BitLocker on Windows 11 PC/laptop. 

6 Ways to Turn On BitLocker on Windows 11

There are multiple ways to enable BitLocker on Windows 11. We will explain all methods in detail. So let’s get started!

1. Enable BitLocker Using the Settings App

Step 1: Open Windows 11 settings with Windows + I button on the keyboard.

Step 2: Click on the System > Storage option in the right sidebar.

click on Storage in the right sidebar

Step 3: Find Advanced storage settings and click on it.

Advanced storage settings

Step 4: In the advanced storage settings, find and select Disk & volumes.

disk and volumes

Step 5: Here you have to select or mention the drive that you want to encrypt.

Step 6: Then click Properties.

click Properties

Step 7: Next click on the Turn on BitLocker option under the BitLocker options.

Click on Turn on BitLocker

This will open the BitLocker control panel where you can enable or disable BitLocker.

BitLocker Properties

2. Enable BitLocker using Control Panel

You can also manage BitLocker settings using the control panel. Here are the steps:

Step 1: Open the control panel. (Open Windows settings with Windows + I button and then search for the control panel)

search for the control panel

Step 2: Go to System and Security.

System and Security

Step 3: Find and click on BitLocker Drive Encryption.

click on BitLocker Drive Encryption

You can also access the BitLocker option using the Windows search. Just open search using Windows + S and then search for Manage BitLocker.

Step 4: Here, you can manage BitLocker settings. Select the drive for which you want to enable BitLocker.

manage BitLocker

Step 5: Then click the ‘Turn on BitLocker’. You have to wait for some time. BitLocker will set up encryption for the selected drive.

Turn on BitLocker

Step 6: When done, you have to select unlock options. Select your unlocking method and then click on next.

Select your unlocking method and then click on next

Note that your password must be a combination of uppercase and lowercase characters, numbers, and symbols.

Alternatively, you can use a smartcard to unlock this drive. The smart card is a USB device that you have to insert into your computer to unlock the drive. Note that you will need to insert a smart card and PIN to decrypt your data.

Step 7: Enter your password and click on the Next button if you selected a password option.

Step 8: Next, you have to share the recovery key if you forgot your password. You can choose different options to save your recovery key.

  • Microsoft account
  • USB flash drive
  • A Document file
  • Print the recovery key

share the recovery key if you forgot your password

Step 9: Select your recovery key mode and then once done, click on next.

Save to a USB flash drive

The next window will ask how much of the drive space you want to encrypt.

how much of the drive space you want to encrypt

Once selected, click on next. BitLocker will automatically encrypt all your data.

Step 10: Select the encryption mode and then next.

choose the encryption mode you want to use

Step 11: Finally, click on the ‘Start Encrypting’ button to start the BitLocker encryption process.

Click on start encrypting

Wait for some time. The system will automatically encrypt all selected data. It will take some time, depending on the amount of data you have selected. Once done, you will get a message.

If you want to access encrypted data, you have to use the recovery key or unlock the password.

If you have selected the system drive and encrypted it, you have to restart your PC and enter unlock password every time Windows starts.

You also have to click on Run a BitLocker system to check if you are encrypting the system drive.

Run a BitLocker system check

3. Turn On BitLocker Using the File Explorer

You can also access BitLocker from the file manager. Here are the steps:

Step 1: Open Windows 11 file explorer using Windows + E button on your keyboard.

Step 2: Then right-click on the drive that you want to encrypt using BitLocker.

Step 3: Choose the Turn on BitLocker option from the list.

Click on Turn on BitLocker in folder

Step 4: This will open a BitLocker control panel. Here you have to set it.

Select your unlocking method and then click on next

4. Turn on BitLocker Without the TPM

If you don’t have TRM, then you can use these steps to use BitLocker on Windows 11.

Step 1: Open the Run command box with the Windows + R button on your keyboard and then type gpedit.msc command.

Type gpedit.msc and click on OK

Step 2: Press enter to open Local Group Policy Editor. You can also search for gpedit in Windows search to access Local Group Policy Editor.

Step 3: In the Group Policy Editor, navigate to this directory.

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives

Step 4: Double click on the ‘Require additional authentication at startup’ policy in the right sidebar.

Require additional authentication at startup

Step 5: Select the ‘Enabled’ option.

Select the ‘Enabled’ option

Step 6: Check the ‘Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)’ option.

Allow BitLocker without a compatible TPM

Step 7: Then finally click on Apply and then Ok.

Restart your computer to apply new changes.

5. Enable BitLocker on the Operating System Drive

As mentioned, you can also enable BitLocker for OS or primary system drive.

Step 1: Open file explorer with the Windows + E key on your keyboard.

Step 2: Then right-click on your system drive. Most probably, it will be a Local disk C drive. So right-click on C drive and then choose Turn on BitLocker.

Click on Turn on BitLocker in folder

Step 3: In the BitLocker drive control panel, select unlock option for the drive > select your unlocking method. You can choose password protection or PIN.

Step 4: Select how you want to backup your recovery key and then click on next.

Select how you want to backup your recovery key and then click on next

Once done, you have to enter your password or PIN whenever you start your PC. You can also allow BitLocker to unlock the drive automatically for you.

Once everything is done, just restart your PC. On boot, you have to enter a PIN or password.

6. How to Turn On BitLocker Using CMD

You can also enable BitLocker with the help of a command prompt. Follow these steps.

Step 1: Open the command prompt using the start menu. Open the start menu with the Windows button on your keyboard and then search for cmd.

Step 2: Click on the run as administrator option to open cmd with admin rights.

Open CMD and click on Run as admin

Step 3: Enter this command to get a full list of encryption parameters.

manage-bde

Run manage-bde command

Step 4: Use this command to get a full list of protection parameters.

manage-bde.exe -on -h

Use this command to get a full list of protection manage-bde.exe -on -h

Step 5: Type this command if you want to encrypt your drive without a password or key.

manage-bde -on H:

You have to replace C with your drive letter.

If you want to add protection like a password or a key, then follow these steps.

Step 6: Open the BitLocker option in the control panel and select the drive you want to encrypt.

Step 7: Then click on ‘Turn on BitLocker.’ This will open the BitLocker management window.

Turn on BitLocker

Step 8: Use this command to set a recovery password.

manage-bde -on K: -RecoveryPassword

Step 9: Type this command 

To turn on encryption, generate a recovery password, and save the recovery key on another drive, type the following command:

manage-bde -on K: -RecoveryPassword -RecoveryKey H:

turn on encryption, generate recovery password

Here, K is the drive that you want to encrypt.

H is the drive where you want to save the key.

The command will automatically encrypt the drive and create a new recovery key on the selected drive.

Step 10: If you want to unlock a password protected drive and store a new recovery then use this code while encrypting the drive.

manage-bde -on K: -pw -rk H:

To run this command, a password is required. So you have to enter a password if you set it, and then it’s done.

add unlock a password and save recovery key while encrypting

To encrypt a drive with a numerical recovery password and an unlock password protectors, use the below commands:

If you want to encrypt the drive with numerical password then use this command.

manage-bde -protectors -add K: -pw -rp
manage-bde –on K:

Once you entered this command, the encryption progress will start.

Encryption is now in progress message

You can use fvenotify.exe in the command prompt if the process window not appeared.

Run this command to show the process

Related Post:

Conclusion

Hope you understood the whole process. You can easily enable or disable Off BitLocker on Windows 11 depending on your usage.

Default image
Rahul Patel

Rahul is a blogger and a tech geek. By reviewing the latest technology and finding the solution of pesky errors, he feels immense pleasure. Driven by his innate interest in blogging, he adapted blogging as a full-time profession 4 years ago.

Articles: 106