How to use BitLocker on Windows 11

Windows 11 has a feature called BitLocker, which encrypts your data to keep it safe from others. Here’s how to set it up.

Keeping your data safe is extremely important, and Windows, including Windows 11, comes with a technology called BitLocker. It encrypts the data on your drive, preventing third-party actors from accessing it unless they have the decryption key, which is basically your account password. You wouldn’t notice it’s enabled most of the time since you’re always logged into your account and everything just works, but the extra layer of protection is definitely nice to have.

According to Microsoft, BitLocker encryption is only available on Windows 11 Pro, Enterprise, and Education editions, but there is a limited form of device encryption in Windows 11 Home, too. The difference is you don’t get the same management and setup options on Windows 11 Home, but the core feature is still there. For example, if you enable device encryption on Windows 11 Home, it will be enabled for all your drives, while Pro lets you set it up for each drive on your PC.

If you’re wondering how to enable (or disable) BitLocker encryption on your PC, that’s what this article is for. We’ll show you how to use BitLocker on both Windows 11 Pro (and higher) and Windows 11 Home.

How to use BitLocker encryption on Windows 11 Pro, Enterprise, and Education

In many cases, BitLocker encryption will be enabled by default on your PC, especially if you bought a laptop or a pre-built desktop. However, if it isn’t enabled, here’s how you can do it yourself:

1. Open the Settings app and select Privacy & security in the menu on the left.
2. Click Device encryption.

   

3. You can simply enable encryption by changing the Device encryption toggle to On.
4. Alternatively, click BitLocker drive encryption to manage encryption settings in Control Panel.
5. Find the drive you want to encrypt (if you have multiple) and click Turn on BitLocker.

   

6. Choose a location to save your decryption key. If you have a Microsoft account linked to your Windows 11 install, you can back it up to your Microsoft account; otherwise, you can save it to a local file or print it and store it somewhere safe.

   

7. Choose Encrypt used disk space only to encrypt your drive faster and click Next. The slower option is generally unnecessary unless you have an older PC with a lot of data stored on it.

   

8. Choose New encryption mode (the default setting) and click Next.

   

9. Enable the Run BitLocker system check checkbox, and click Continue.

   

10. You’ll be prompted to restart the computer and your drive will begin encrypting.

That’s all there is to enabling BitLocker. If you backed up your decryption key to your Microsoft account, you can find it on this page. All your encrypted PCs and drives will be here.

How to turn off BitLocker

If you’re no longer interested in using BitLocker for whatever reason, you can follow these steps to disable it.

1. Open the Settings app and choose Privacy & security on the left-side menu.
2. Click Device encryption.
3. Choose BitLocker drive encryption to open the Control Panel
   

   If you previously enabled encryption using the Device encryption toggle, you can disable it in the Settings app. If you used BitLocker in the Control Panel, this option isn’t available.

   

4. Click Turn off BitLocker next to the drive you want to decrypt.

   

5. Confirm your choice by clicking Turn off BitLocker again.

   

6. Your drive will begin decrypting, which may take a long time, depending on how many files you have.

Once the process finishes, your data will no longer be encrypted and anyone with physical access to the computer could be able to read it. It’s not generally recommended to disable BitLocker, but it might be useful if you move a drive to a new PC, for example.

How to use device encryption on Windows 11 Home

If you’re using Windows 11 Home but still want to make sure your data is encrypted, the process is very similar but somewhat simpler.​​​​​​

1. Open the Settings app and choose Privacy & security from the menu on the left.
2. Click Device encryption.
3. Set the Device encryption toggle to On.

   

4. The encryption process will begin automatically.

Some devices may not support encryption, so if you don’t see the option, don’t be too alarmed. Your decryption key is backed up to your Microsoft account, so you must have one linked to your PC to encrypt your drive. You can find your decryption keys here. However, if you’d like to save a copy of your key, you can follow these steps:

1. Open the Control Panel. You can search for Control Panel in the Start menu to find it.
2. Select System & security.

   

3. Click Device encryption.

   

4. Click Back up your recovery key next to your drive.

   

5. Choose a location for the backup. You can save it to a file or print it. There’s also an Azure AD option if you happen to have an account, but most Windows 11 Home users likely won’t.
   

   If you’re using a file, you’ll need to choose a location other than the encrypted drive.

   

That’s about it for enabling device encryption on Windows 11 Home. Disabling encryption is equally simple. Just head over to the Device encryption page in the Settings app and set the toggle to Off.

BitLocker encryption is one of the many security features in Windows 11, and if you’d like to learn more about that, you may want to check out how to use Smart App Control, a new feature in Windows 11 version 22H2. We also have a guide on how to turn off Microsoft Defender if that interests you.