What is BitLocker

BitLocker is a full-disk encryption feature included with Professional, Ultimate and Enterprise editions of Microsoft Windows. BitLocker is not available in Starter and Home versions. BitLocker is designed to protect data by encrypting the entire volume, covering both user files and empty space. The encrypted data is unreadable and cannot be deciphered easily via unauthorised offline access.

Why use BitLocker

BitLocker is Microsoft’s easy-to-use, on-the-fly encryption system that adds a strong level of data protection against offline attacks. BitLocker is recommended as assured data-at-rest protection by the UK government’s National Technical Authority for Information Assurance (CESG) for Windows 7 and Windows 8/8.1, and is expected to be recommended for Windows 10 in their forthcoming guidance (October 2015).

BitLocker requires Trusted Platform Module (TPM) – what do I do?

A Trusted Platform Module (TPM) is a microchip that is built into a computer. It is used to store cryptographic information, such as encryption keys. BitLocker uses the TPM to help protect the Windows operating system and user data and helps to ensure that a computer is not tampered with, even if it is left unattended, lost, or stolen.

BitLocker can also be used without a TPM. To use BitLocker on a computer without a TPM, you must change the default behavior of the BitLocker setup wizard by using Group Policy.

How to Enable BitLocker in Windows 10 without TPM chip

  1. Click Start

    Click Start in the bottom-left of the screen.

  2. Type gpedit and select Edit group policy

    Type gpedit in the Start search field and select the Edit group policy option.

  3. Allow the program to make changes by clicking Yes.

    Allow Group Policy to make changes by clicking Yes in the User Account Control window.

  4. Expand Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives and double-click Require additional authentication at startup.

    Make sure the Computer Configuration tree is expanded, not User Configuration.

  5. Change the setting to Enabled and click OK

    Change the master control setting from Not Configured to Enabled.

  6. Open File Explorer and go to This PC

    Open File Explorer as normal and choose This PC in the left Navigation Pane.

  7. Right-click on Local Disk (C:) and choose Turn on BitLocker

  8. In the BitLocker Setup Wizard, when prompted to choose “How to unlock your drive at startup”, select the Enter a Password option

  9. Enter the password twice and click Next

    Choose a strong and secure password. Avoid any symbols that may vary with keyboard layout, like @, #, | and so on. When ready, click Next.

  10. Choose how to back up your key. It is strongly recommended to Save to USB flash drive and to Print it. When ready, click Next.

    It is not possible to proceed until the key has been backed up. It is recommended to use several options, e.g. Save to USB and Print.

  11. Confirm BitLocker Encryption by choosing Continue

  12. When prompted, choose Restart now to restart the PC and start drive encryption.

  13. Upon restart, a new BitLocker screen will appear, prompting for the password. Type the password and press Enter

    BitLocker prompts for the password from this point onward, before every system boot.

  14. Upon first start, BitLocker encrypts the drive. This may take a while.

  15. Once complete, the system volume is encrypted and ready for use.
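
To confirm the result of the steps above, the following read-only check can be run from an elevated PowerShell prompt. It is an added example, not part of the original guide; the function name is hypothetical and it assumes the operating system volume is C: and that the built-in BitLocker PowerShell module is available.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): read-only check of the setup above.
# Assumption: the OS volume is C: and the BitLocker PowerShell module is installed.
function Test-BitLockerNoTpmSetup {
    param([string]$MountPoint = 'C:')

    # Steps 4-5: the "Require additional authentication at startup" policy is
    # stored under this key. UseAdvancedStartup = 1 means Enabled;
    # EnableBDEWithNoTPM = 1 is its "Allow BitLocker without a compatible TPM" option.
    $policy = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue

    # Steps 8-15: key protectors and encryption state of the volume.
    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types  = @($volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

    $findings = @()
    if ($policy.UseAdvancedStartup -ne 1 -or $policy.EnableBDEWithNoTPM -ne 1) {
        $findings += 'Policy allowing BitLocker without a TPM is not in effect.'
    }
    if ($types -notcontains 'Password') {
        $findings += 'No password protector on the volume (steps 8-9).'
    }
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector; back up a key (step 10).'
    }
    if ("$($volume.VolumeStatus)" -ne 'FullyEncrypted') {
        $findings += "Encryption not finished: $($volume.EncryptionPercentage)%."
    }
    if ("$($volume.ProtectionStatus)" -ne 'On') {
        $findings += 'Protection is off or suspended.'
    }

    # One summary object: Compliant is true only when no finding was recorded.
    [pscustomobject]@{
        MountPoint    = $volume.MountPoint
        KeyProtectors = $types -join ', '
        VolumeStatus  = "$($volume.VolumeStatus)"
        Protection    = "$($volume.ProtectionStatus)"
        Compliant     = ($findings.Count -eq 0)
        Findings      = $findings
    }
}

Test-BitLockerNoTpmSetup | Format-List
```

While step 14 is still running, the check reports the current encryption percentage as a finding; run it again once encryption has completed.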

     

If you require any assistance with data security, including Data Protection and Data At Rest Compliance, contact us and we will be able to help.
