How to configure device encryption and BitLocker encryption on Windows 11

Device encryption is a security feature on Windows which allows encrypting your drive and protect your data from unauthorized access in case your laptop gets stolen.

BitLocker is a full device encryption with management controls. It is available on Windows 11 Pro, Enterprise or Educational editions. Home edition users don't have this feature.

While device encryption has no options to configure the selection of the drive to encrypt, BitLocker offers management controls which allow encrypting a single drive or all drives

How to configure device encryption

Follow these steps to activate device encryption on your Windows 11:

  1. Make sure you are logged into as an administrator. Otherwise, device encryption will not be available
  2. Follow Start > Settings > Privacy and Security > Device encryption
  3. Turn on device encryption
Screenshot of device encryption item in Windows 11

How to configure BitLocker encryption

How to enable BitLocker encryption

Follow these steps to configure BitLocker on your Windows 11:

  1. In Windows search field type "BitLocker" and open Manage BitLocker
  2. Windows 11 BitLocker app icon screenshot
  3. Select the drive with the partition to encrypt
  4. Click "Turn on BitLocker" next to it
  5. Screenshot of turning on BitLocker on Windows 11
  6. Select the way you would like to store your recovery key. In case you decide to store it in a file, select the path to the not encrypted drive. Once after selecting the backup option for your encryption key, click "Next" button to proceed further
  7. BitLocker recovery key settings screenshot
  8. For new PCs it is recommended to select "Encrypt used disk space only" option. For those PCs which are in use and have data on the disc it is more secure to choose "Encrypt entire drive" option. Since the PC we are activating BitLocker on has freshly installed Windows and has not been in use yet, we selected the first option
  9. BitLocker used disk space encryption settings screenshot
  10. Check "Run BitLocker system check" option to ensure that BitLocker can read the recovery and encryption keys correctly before encrypting the drive
  11. BitLocker system check settings screenshot
  12. Before starting the encryption, BitLocker will restart your computer. You need to click "Restart now" button and complete all your tasks before doing this
  13. Restart computer dialog screenshot
  14. The encryption process will start after restarting your PC. It may take some time, depending on the data volume.

How to disable BitLocker encryption

If you decide to remove BitLocker encryption, it is very easy to do this:

  1. In your Control Panel open BitLocker drive encryption
  2. Click "Turn off BitLocker" link for the encrypted drive

What is the difference between Device encryption and BitLocker encryption?

Fundamentally both features are the same. However, there are some differences:

Device encryption and BitLocker are almost the same at provided encryption with the difference in availability of management tools.