What is BitLocker
BitLocker is a full-disk encryption feature included with Professional, Ultimate and Enterprise editions of Microsoft Windows. BitLocker is not available in Starter and Home versions. BitLocker is designed to protect data by providing encryption for entire volume, securing both: user files and empty space. The resulting code is unreadable and cannot be deciphered easily via unauthorised offline access.
Why use BitLocker
BitLocker is Microsoft’s easy-to-use, on-the-fly encryption system that adds a strong level of data protection from offline attacks. BitLocker is recommended as assured data-at-rest protection by UK government’s National Technical Authority for Information Assurance (CESG) for Windows 7, Windows 8/8.1 and is expected to be recommended for Windows 10 in their forthcoming guidance (October 2015).
BitLocker requires Trusted Platform Module (TPM) – what do I do?
A Trusted Platform Module (TPM) is a microchip that is built into a computer. It is used to store cryptographic information, such as encryption keys. BitLocker uses the TPM to help protect the Windows operating system and user data and helps to ensure that a computer is not tampered with, even if it is left unattended, lost, or stolen.
BitLocker can also be used without a TPM. To use BitLocker on a computer without a TPM, you must change the default behavior of the BitLocker setup wizard by using Group Policy.
How to Enable BitLocker in Windows 10 without TPM chip
- Click Start
- Type gpedit and select Edit group policy
- Allow the program to make changes by clicking Yes.
- Expand Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives and double-click Require additional authentication at startup.
- Change the setting to Enabled and click OK
- Open File Explorer and go to This PC
- Right-click on Local Disk (C:) and choose Turn on BitLocker
- In BitLocker Setup Wizard, when prompted to choose “How to unlock your drive at startup”, select Enter a Password option
- Enter the password twice and click Next
- Choose how to back up your key. It is strongly recommended to Save to USB flash drive and to Print it. When ready, click Next.
- Confirm BitLocker Encryption by choosing Continue
- When prompted, Restart now the PC to start drive encryption.
- Upon restart, new BitLocker screen will appear prompting to enter password. Type the password and press Enter
- Upon first start, BitLocker encrypts the drive. This may take a while.
- Once complete, the system volume is encrypted and ready for use.
If you require any assistance with data security, including Data Protection and Data At Rest Compliance, contact us and we will be able to help.