How to configure device encryption and BitLocker encryption on Windows 11

Device encryption is a security feature on Windows which allows encrypting your drive and protect your data from unauthorized access in case your laptop gets stolen.

BitLocker is a full device encryption with management controls. It is available on Windows 11 Pro, Enterprise or Educational editions. Home edition users don't have this feature.

While device encryption has no options to configure the selection of the drive to encrypt, BitLocker offers management controls which allow encrypting a single drive or all drives

How to configure device encryption

Follow these steps to activate device encryption on your Windows 11:

Make sure you are logged into as an administrator. Otherwise, device encryption will not be available
Follow Start > Settings > Privacy and Security > Device encryption
Turn on device encryption

Screenshot of device encryption item in Windows 11

How to configure BitLocker encryption

How to enable BitLocker encryption

Follow these steps to configure BitLocker on your Windows 11:

In Windows search field type "BitLocker" and open Manage BitLocker

Windows 11 BitLocker app icon screenshot

Select the drive with the partition to encrypt
Click "Turn on BitLocker" next to it

Screenshot of turning on BitLocker on Windows 11

Select the way you would like to store your recovery key. In case you decide to store it in a file, select the path to the not encrypted drive. Once after selecting the backup option for your encryption key, click "Next" button to proceed further

BitLocker recovery key settings screenshot

For new PCs it is recommended to select "Encrypt used disk space only" option. For those PCs which are in use and have data on the disc it is more secure to choose "Encrypt entire drive" option. Since the PC we are activating BitLocker on has freshly installed Windows and has not been in use yet, we selected the first option

BitLocker used disk space encryption settings screenshot

Check "Run BitLocker system check" option to ensure that BitLocker can read the recovery and encryption keys correctly before encrypting the drive

BitLocker system check settings screenshot

Before starting the encryption, BitLocker will restart your computer. You need to click "Restart now" button and complete all your tasks before doing this

The encryption process will start after restarting your PC. It may take some time, depending on the data volume.

How to disable BitLocker encryption

If you decide to remove BitLocker encryption, it is very easy to do this:

In your Control Panel open BitLocker drive encryption
Click "Turn off BitLocker" link for the encrypted drive

What is the difference between Device encryption and BitLocker encryption?

Fundamentally both features are the same. However, there are some differences:

Device encryption is available for every Windows edition, while BitLocker is not available on Home edition of Windows 10/11.
Another difference is an ability to select the drives to encrypt with help of BitLocker management panel. Device encryption does not provide an ability to select the drive to encrypt.
Device encryption requires a TPM (Trusted Platform Module) and a user signed into Microsoft account since the recovery key gets uploaded to OneDrive. BitLocker allows storing a recovery key locally on a not encrypted drive, printing it or uploading to OneDrive.

Device encryption and BitLocker are almost the same at provided encryption with the difference in availability of management tools.