BitLocker overview
Applies To
Windows 11, Windows 10
BitLocker is a Windows security feature that protects your data by encrypting your drives. This encryption ensures that if someone tries to access a disk offline, they won’t be able to read any of its content.
BitLocker is particularly valuable if your device is lost or stolen, as it keeps your sensitive information secure. It’s designed to be user-friendly and integrates seamlessly with the Windows operating system, making it easy to set up and manage.
BitLocker offers two functionalities:
- Device Encryption, which is designed for simplicity of use, and it's usually enabled automatically
- BitLocker Drive Encryption, which is designed for advanced scenarios, and it allows you to manually encrypt drives
If you have BitLocker turned on for any of your drives, it's important to be sure you have the BitLocker recovery key backed up somewhere. If BitLocker detects unauthorized access to the drive or changes in the hardware, it will prevent access to the disk and ask for the recovery key. If you don't have that key, you won't be able to access the drive.
It only takes a few moments to back up your recovery key. For more information, see Back up your BitLocker recovery key.
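As an added example (not part of the original page), the following PowerShell uses the built-in Get-BitLockerVolume cmdlet to show which drives are protected and whether each one has a recovery password protector whose key you should have backed up. The function name Get-BitLockerRecoveryReadiness is hypothetical, and the script assumes an elevated session on a device where the BitLocker PowerShell module is available.

```powershell
#Requires -RunAsAdministrator
# Added example, not Microsoft's own code.
# Reports BitLocker state per volume and flags protected volumes that have
# no recovery password protector. Only key IDs are shown, never the
# 48-digit recovery key itself, so the output is safe to keep in a ticket.

function Get-BitLockerRecoveryReadiness {   # hypothetical helper name
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # Protectors of type RecoveryPassword hold the 48-digit recovery key.
        $recovery = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            ProtectorTypes   = ($vol.KeyProtector.KeyProtectorType -join ', ')
            # The key ID is what you match against your saved copy of the key.
            RecoveryKeyIds   = ($recovery.KeyProtectorId -join ', ')
            HasRecoveryKey   = ($recovery.Count -gt 0)
        }
    }
}

$report = @(Get-BitLockerRecoveryReadiness)
$report | Format-List

# A protected volume with no recovery password cannot be unlocked with a
# recovery key if BitLocker later blocks access to it.
$atRisk = @($report | Where-Object {
    $_.ProtectionStatus -eq 'On' -and -not $_.HasRecoveryKey
})

foreach ($item in $atRisk) {
    Write-Warning "$($item.MountPoint) is protected but has no recovery password protector."
}

if ($atRisk.Count -eq 0) {
    Write-Output 'Every protected volume has a recovery password protector. Confirm each key ID above matches a key you have backed up.'
}
```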
BitLocker frequently asked questions (FAQs)
Here's a collection of common questions related to BitLocker.
BitLocker is a built-in encryption feature in Windows that helps protect your data by encrypting your entire drive. When you access your data, Windows normally has protections associated with your sign-in information. However, if someone tries to bypass these protections by physically removing the hard drive and connecting it to a second device, they could potentially access your data without needing your credentials.
With BitLocker encryption, when they try to use that method to access the drive, they’ll need to provide a decryption key (which they shouldn’t have) to access anything on the drive. Without the decryption key, the data on the drive appears as gibberish, making it unreadable and secure from unauthorized access.
A BitLocker recovery key is a unique 48-digit numerical password that can be used to unlock an encrypted drive.
Windows requires a BitLocker recovery key when it detects a possible unauthorized attempt to access the data. This can also happen if you make changes to the hardware, firmware, or software, which BitLocker cannot distinguish from a possible attack. In these cases, BitLocker might require the extra security of the recovery key even if the user is an authorized owner of the device.
For more information, see Find your BitLocker recovery key.
Here are some scenarios that describe how BitLocker might have been activated on your device:
- Your device automatically enabled Device Encryption: in this case, your BitLocker recovery key is automatically saved to your Microsoft account or work or school account, before protection is activated
- An administrator on your device manually activated Device Encryption: in this case, the recovery key is automatically saved to their Microsoft account or work or school account, before protection is activated
- An administrator on your device manually activated BitLocker Drive Encryption: in this case, the user activating BitLocker selected where to save the recovery key
- An organization that is managing your device activated BitLocker protection through policy settings: in this case, the organization might have your BitLocker recovery key