RELATED: Should You Upgrade to the Professional Edition of Windows 10? If Device Encryption is enabled-or if you can enable it by signing in with a Microsoft account-you’ll see a message saying so here.
If you don’t see anything about Device Encryption here, your PC doesn’t support Device Encryption and it’s not enabled. To check if Device Encryption is enabled, open the Settings app, navigate to System > About, and look for a “Device encryption” setting at the bottom of the About pane. However, this doesn’t apply to the average person’s PC-only PCs joined to domains. Your recovery key would then be uploaded to your organization’s domain servers. For example, you might sign into a domain owned by your employer or school. If you’re worried about the NSA, you may want to use a different encryption solution.)ĭevice Encryption will also be enabled if you sign into an organization’s domain. ( This is also why the FBI likely isn’t too worried about this feature, but we’re just recommending encryption as a means to protect your data from laptop thieves here. This will help you recover your files if you ever can’t log into your PC. Your recovery key is then uploaded to Microsoft’s servers. If device encryption is turned off, select Turn on.There’s another limitation, too-it only actually encrypts your drive if you sign into Windows with a Microsoft account. You may be able to turn on standard BitLocker encryption instead. If Device encryption doesn't appear, it isn't available.
Select the Start button, then select Settings > Update & Security > Device encryption. For more info, see Create a local or administrator account in Windows 10. Sign in to Windows with an administrator account (you may have to sign out and back in to switch accounts). If the value says Meets prerequisites, then device encryption is available on your device. Or you can select the Start button, and then under Windows Administrative Tools, select System Information.Īt the bottom of the System Information window, find Device Encryption Support. In the search box on the taskbar, type System Information, right-click System Information in the list of results, then select Run as administrator. If your device doesn't support BitLocker, you may be able to use Windows Device Encryption instead. For more info see Back up your BitLocker recovery key. It only takes a few moments to back up your recovery key.
If you don't have that key, you won't be able to access the drive, and Microsoft support doesn't have access to the recovery keys either so they can't provide it to you, or create a new one, if it's been lost. If BitLocker thinks an unauthorized user is trying to access the drive it will lock the system and ask for the BitLocker recovery key.
If you have BitLocker turned on for your device, it's important to be sure you have the Recovery Key backed up somewhere. It isn't available on Windows Home edition. Note: You'll only see this option if BitLocker is available for your device. Tap Start and in the search box, type Manage BitLocker and then select it from the list of results.
On supported devices running Windows 10 or newer BitLocker will automatically be turned on the first time you sign into a personal Microsoft account (such as or or your work or school account.īitLocker is not automatically turned on with local accounts, however you can manually turn it on in the Manage BitLocker tool. Is it available on my device?īitLocker encryption is available on supported devices running Windows 10 or 11 Pro, Enterprise, or Education.
Without the decryption key the data on the drive will just look like gibberish to them. If your drive is encrypted, however, when they try to use that method to access the drive, they'll have to provide the decryption key (which they shouldn't have) in order to access anything on the drive. Then by adding your hard drive as a second drive on a machine they control, they may be able to access your data without needing your credentials. If somebody wants to bypass those Windows protections, however, they could open the computer case and remove the physical hard drive. Normally when you access your data it's through Windows and has the usual protections associated with signing into Windows.