How do I setup disk encryption on a Windows computer?

This tutorial applies to the following operating system:

 Windows

Overview

This article covers how to setup whole disk encryption (WDE) on a Windows computer.

If your computer stores or processes high risk data (see Standards: Data Classifications), encrypting your hard drive is a necessary step to ensure the security of any data in case of loss or theft of your device. High risk data should only be stored on approved ITS locations under UI policies and standards; however, to protect any incidental data that may accidentally reside on your local system, WDE is an essential security measure. For more information, see Whole Disk Encryption FAQ. Contact your TSP or Local Support if you are unsure if your devices require encryption.

If your Windows device has been configured for encryption, you should receive a dialog box each day prompting for a Bitlocker startup PIN. Choose and input a passphrase to unlock your computer at boot. The passphrase should be unique, must be at least 8 characters or more in length, and should not be your name, phone number, current NetID password, or an easy to guess sequence.

Set  Bitlocker Startup PIN dialog

Click "Set PIN" after input.

Bitlocker pin entered, click set pin to proceed

After a few seconds the dialog box should disappear. The Bitlocker passphrase has now been applied and you will need to enter it at startup to unlock the device. You should reboot now to test your new startup password.

Details

Article ID: 1892
Created
Fri 5/7/21 10:44 AM
Modified
Fri 8/13/21 11:42 AM

Related Articles (2)

Reset a forgotten Bitlocker password when the device is managed only by Intune.