How to configure device encryption and BitLocker encryption on Windows 11
Device encryption is a security feature on Windows which allows encrypting your drive and protect your data from unauthorized access in case your laptop gets stolen.
BitLocker is a full device encryption with management controls. It is available on Windows 11 Pro, Enterprise or Educational editions. Home edition users don't have this feature.
While device encryption has no options to configure the selection of the drive to encrypt, BitLocker offers management controls which allow encrypting a single drive or all drives
How to configure device encryption
Follow these steps to activate device encryption on your Windows 11:
- Make sure you are logged into as an administrator. Otherwise, device encryption will not be available
- Follow Start > Settings > Privacy and Security > Device encryption
- Turn on device encryption
How to configure BitLocker encryption
How to enable BitLocker encryption
Follow these steps to configure BitLocker on your Windows 11:
- In Windows search field type "BitLocker" and open Manage BitLocker
- Select the drive with the partition to encrypt
- Click "Turn on BitLocker" next to it
- Select the way you would like to store your recovery key. In case you decide to store it in a file, select the path to the not encrypted drive. Once after selecting the backup option for your encryption key, click "Next" button to proceed further
- For new PCs it is recommended to select "Encrypt used disk space only" option. For those PCs which are in use and have data on the disc it is more secure to choose "Encrypt entire drive" option. Since the PC we are activating BitLocker on has freshly installed Windows and has not been in use yet, we selected the first option
- Check "Run BitLocker system check" option to ensure that BitLocker can read the recovery and encryption keys correctly before encrypting the drive
- Before starting the encryption, BitLocker will restart your computer. You need to click "Restart now" button and complete all your tasks before doing this
- The encryption process will start after restarting your PC. It may take some time, depending on the data volume.
How to disable BitLocker encryption
If you decide to remove BitLocker encryption, it is very easy to do this:
- In your Control Panel open BitLocker drive encryption
- Click "Turn off BitLocker" link for the encrypted drive
What is the difference between Device encryption and BitLocker encryption?
Fundamentally both features are the same. However, there are some differences:
- Device encryption is available for every Windows edition, while BitLocker is not available on Home edition of Windows 10/11.
- Another difference is an ability to select the drives to encrypt with help of BitLocker management panel. Device encryption does not provide an ability to select the drive to encrypt.
- Device encryption requires a TPM (Trusted Platform Module) and a user signed into Microsoft account since the recovery key gets uploaded to OneDrive. BitLocker allows storing a recovery key locally on a not encrypted drive, printing it or uploading to OneDrive.
Device encryption and BitLocker are almost the same at provided encryption with the difference in availability of management tools.