Overview
This article covers how to set up whole disk encryption (WDE) on a Windows computer.
If your computer stores or processes high risk data (see Standards: Data Classifications), encrypting your hard drive is a necessary step to ensure the security of any data in case of loss or theft of your device. High risk data should only be stored on approved ITS locations under UI policies and standards; however, to protect any incidental data that may accidentally reside on your local system, WDE is an essential security measure. For more information, see Whole Disk Encryption FAQ. Contact your TSP or Local Support if you are unsure if your devices require encryption.
BitLocker Startup PIN
If your Windows device has been configured for encryption, you should receive a dialog box each day prompting for a BitLocker startup PIN. Choose and input a passphrase to unlock your computer at boot. The passphrase should be unique, must be at least 8 characters or more in length, and should not be your name, phone number, current password, or an easy to guess sequence.
Click "Set PIN" after input.
After a few seconds the dialog box should disappear. The BitLocker passphrase has now been applied and you will need to enter it at startup to unlock the device. You should reboot now to test your new startup password.
