BitLocker Drive Encryption
If you’re using a higher-end version of Windows – Professional, Education, or Enterprise – and you’re looking to encrypt an entire drive, you might like to use the built-in BitLocker tool. It can be used to encrypt fixed and removable drives, as well as your Windows boot drive, making it possible to protect the contents of your laptop should it be stolen.
Type “bitlocker” into the Search box and click Manage BitLocker. You’ll see a list of all available drives in the main window. Expand one and click Turn BitLocker on. If you’re looking to encrypt the main system drive, you may see an error about your PC not having a compatible Trusted Protection Module. Check your motherboard specifications – you may be lucky and simply need to enable TPM support in the BIOS (look in the Security section).
You’re prompted to create a backup of the recovery key required, then follow the wizard, selecting appropriate choices depending on your drive and PC setup. Run the recommended BitLocker system check, and you should be able to use your drive while it’s being encrypted.
Fixed or removable data drives are protected by password or a compatible smart card – TPM module not required. When you plug in the drive or reboot Windows, you need to provide the password or plug in the smart card to unlock the drive.
BitLocker is relatively straightforward to use, but relies on your trusting Microsoft, because unlike the open-source VeraCrypt, its code isn’t available for audit. You’re also restricted to its 128-bit or 256-bit AES encryption.