If you do not turn BitLocker on to encrypt your data, you will be getting a call from us to get you to turn it on. The process is very simple and takes less then 5 minutes to get it started.
The simple steps are:
• Go to Control Panel > BitLocker Drive Encryption
• Click Turn on BitLocker
• Save the the Encryption Key or Print the Encryption Key
• Start Encrypting your drive
All MIS2000 database machines that are portable and go out into the field should be encrypted to help protect your migrant data as much as possible. Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.
We'll be monitoring all MIS2000 installs on portable devices and contacting any users that don't have BitLocker enabled.
Below are links, videos, and tutorials on how to install BitLocker on your tablet systems. If you need assistance in getting BitLocker turned on, you should contact your local IT support specilist for help.
BitLocker frequently asked questions (FAQ)
Securing Windows 10 with BitLocker Drive Encryption
Seven reasons why you need BitLocker hard drive encryption
A beginner's guide to BitLocker, Windows' built-in encryption tool
How to turn on BitLocker on the Operating system drive
Once you made sure BitLocker can be properly enabled on your computer, follow these steps:
- Use the Windows key + X keyboard shortcut to open the Power User menu and select Control Panel.
- Click System and Security.
Click BitLocker Drive Encryption.
Under BitLocker Drive Encryption, click Turn on BitLocker.
Choose how you want to unlock your drive during startup: Insert a USB flash drive or Enter a password. For the purpose of the guide, select Enter a password to continue.
Enter a password that you'll use every time you boot Windows 10 to unlock the drive, and click Next to continue. (Make sure to create a strong password mixing uppercase, lowercase, numbers, and symbols.)
You will be given the choices to save a recovery key to regain access to your files in case you forget your password. Options include:
- Save to your Microsoft account
- Save to a USB flash drive
- Save to a file
- Print the recovery
Select the option that is most convenient for you, and save the recovery key in a safe place.
Click Next to continue.
Select the encryption option that best suits your scenario:
- Encrypt used disk space only (faster and best for new PCs and drives)
- Encrypt entire drive (slower but best for PCs and drives already in use)
Choose between the two encryption options:
- New encryption mode (best for fixed drives on this device)
Compatible mode (best for drives that can be moved from this device)
On Windows 10 version 1511, Microsoft introduced support for XTS-AES encryption algorithm. This new encryption method provides additional integrity support and protection against new attacks that use manipulating cipher text to cause predictable modifications in clear text. BitLocker supports 128-bit and 256-bit XTS AES keys.
Click Next to continue.
Make sure to check the Run BitLocker system check option, and click Continue.
- Finally, restart your computer to begin the encryption process.
On reboot, BitLocker will prompt you to enter your encryption password to unlock the drive. Type the password and press Enter.
After rebooting, you'll notice that your computer will quickly boot to the Windows 10 desktop. However, if you go to Control Panel > System and Security > BitLocker Drive Encryption, you'll see that BitLocker is still encrypting your drive. Depending on the option you selected and the size of the drive, this process can take a long time, but you'll still be able to work on your computer.
Once the encryption process completes, the drive level should read BitLocker on.
You can verify that BitLocker is turned on by the lock icon on the drive when you open This PC on File Explorer.
BitLocker Drive Encryption options
When BitLocker is enabled on your main hard drive, you'll get a few additional options, including:
- Suspend protection: When you're suspending protection your data won't be protected. Typically, you would use this option when applying a new operating system, firmware, or hardware upgrade. If you don't resume the encryption protection, BitLocker will resume automatically during the next reboot.
- Back up your recovery key: If you lose your recovery key, and you're still signed into your account, you can use this option to create a new backup of the key with the options mentioned on step 6.
- Change password: You can use this option to create a new encryption password, but you'll still need to supply the current password to make the change.
- Remove password: You can't use BitLocker without a form of authentication. You can remove a password only when you configure a new method of authentication.
- Turn off BitLocker: In the case, you no longer need encryption on your computer, BitLocker provides a way to decrypt all your files. However, make sure to understand that after turning off BitLocker your sensitive data will no longer be protected. In addition, decryption may take a long time to complete its process depending on the size of the drive, but you can still use your computer.