How to Enable BitLocker on Windows | Encrypt, Disable, and Recover Your Key

If your laptop is lost or stolen, anyone who removes the drive can read your files directly. BitLocker — built into Windows Pro and higher — encrypts the entire drive so that even if someone pulls out the storage, the data is unreadable. This guide walks you through enabling BitLocker, managing the recovery key, turning it off, and using the Device Encryption fallback on Windows Home.

Table of Contents

1. What Is BitLocker?
   1. Supported Editions and Requirements
   2. Why the Recovery Key Matters
2. How to Enable BitLocker
   1. Encrypting the C Drive
   2. How to Save the Recovery Key
3. How to Turn Off BitLocker
4. How to Find Your Recovery Key Later
   1. From Your Microsoft Account
   2. Via PowerShell
5. Device Encryption for Windows Home
6. FAQ
7. Summary

What Is BitLocker?

BitLocker is Windows' built-in drive-encryption feature. Only someone who boots Windows normally — with the correct login — can access your files. Even if an attacker removes the drive and plugs it into another PC, the data stays locked.

Supported Editions and Requirements

Full BitLocker requires the following:

• Edition: Windows 10/11 Pro / Enterprise / Education (Home has limited support)
• TPM (Trusted Platform Module) 2.0 recommended — present on most modern PCs
• UEFI firmware with Secure Boot enabled
• The system drive formatted as NTFS

PCs without TPM can still use BitLocker by changing Group Policy, but you'll need to enter a password every time Windows starts.

Why the Recovery Key Matters

A BitLocker-encrypted drive can be unlocked with a 48-digit recovery key. Lose the key, and the data on that drive is gone permanently.

You'll need the recovery key in situations like:

• Authentication errors after a firmware update
• Hardware changes (e.g., motherboard replacement)
• Windows startup failures
• Forgotten passwords

Always back up the recovery key in multiple places — both cloud and printed paper.

How to Enable BitLocker

Here's the full activation flow.

Encrypting the C Drive

1. Open File Explorer
2. Right-click the target drive (C:) under This PC
3. Select Turn on BitLocker — if it doesn't appear, go to Settings → Privacy & Security → Device Encryption
4. The wizard launches; click Next

Windows will check the drive. If requirements are met, you'll proceed within seconds.

How to Save the Recovery Key

Partway through the wizard, you'll choose how to save the recovery key:

• Save to your Microsoft account (recommended — easiest to recover)
• Save to a USB flash drive
• Save to a file (on a drive other than the one being encrypted)
• Print the recovery key

For the best balance of security and convenience, save to your Microsoft account and also print a physical copy. That way, even if you lose account access, you still have the paper backup.

Next, choose the encryption range:

• Used disk space only — faster, ideal for a new PC
• Full drive — thorough, recommended for a PC already in use with existing data

If the drive has important data already on it, choose Full drive. Encryption takes anywhere from minutes to hours, but you can keep using the PC normally during the process.

Finally, check Run BitLocker system check and restart to start encryption.

How to Turn Off BitLocker

To decrypt the drive and return it to normal:

1. Go to Control Panel → System and Security → BitLocker Drive Encryption
2. Click Turn off BitLocker next to the target drive
3. Confirm in the dialog by clicking Turn off BitLocker
4. Decryption begins (can take minutes to hours)

You can keep using the PC during decryption, but don't shut down until it's complete — doing so risks data corruption.

Once decryption finishes, the recovery key is no longer needed. The backup copies you saved won't cause harm, but note that if you enable BitLocker again, a new key will be generated.

How to Find Your Recovery Key Later

If you've forgotten or lost the recovery key after encryption, here's how to retrieve it.

From Your Microsoft Account

If you saved the key to your Microsoft account, you can look it up in any browser:

1. Go to account.microsoft.com/devices/recoverykey
2. Sign in with your Microsoft account
3. A list of BitLocker recovery keys appears
4. Match the Key ID shown on your PC (first 8 characters) to the correct key in the list

Via PowerShell

If Windows is running normally, you can pull the current recovery key from PowerShell:

1. Open PowerShell as Administrator
2. Run this command:

(Get-BitLockerVolume -MountPoint "C:").KeyProtector

The RecoveryPassword in the output is your 48-digit recovery key. Copy it and store it somewhere safe.

Device Encryption for Windows Home

BitLocker is a Pro-and-above feature, but Windows 10/11 Home users can use a simplified version called Device Encryption.

1. Go to Settings → Privacy & Security (or Update & Security) → Device Encryption
2. If the Device Encryption option appears, toggle it On
3. The recovery key is automatically saved to your Microsoft account

Device Encryption doesn't let you choose encryption ranges or encrypt individual drives — it's a streamlined version of BitLocker. However, it provides the core encryption and recovery-key functionality, so Home users can still protect data against theft or loss.

If the Device Encryption setting doesn't appear, your hardware doesn't support it. In that case, consider a third-party encryption tool like VeraCrypt as an alternative.

FAQ

Q. Does turning on BitLocker slow down my PC?

A. You'll barely notice any difference. Modern CPUs handle encryption in dedicated hardware, so the performance impact is a few percent at most. On an SSD, it's essentially invisible.

Q. What happens if I lose the recovery key?

A. The data on the encrypted drive becomes permanently inaccessible. This is both BitLocker's greatest strength and its greatest risk. Always store the key in multiple locations.

Q. Which drives can BitLocker encrypt?

A. BitLocker works on the system drive (C:), data drives, USB flash drives, and external hard drives. Encryption of USB and external drives uses a feature called BitLocker To Go.

Q. Does changing my Windows password reset BitLocker?

A. No. Your Windows login password and the BitLocker recovery key are managed separately. Changing your password doesn't affect BitLocker.

Q. After a BIOS update, Windows asked me for my recovery key.

A. BitLocker detected a hardware change and flagged it as a potential security issue. Enter the recovery key you saved earlier, and Windows will boot normally from next time onward. For related reading, see How to Create and Use System Restore Points on Windows.

Summary

BitLocker is a powerful drive-encryption feature built into Windows Pro and above — an effective safeguard against data theft when a laptop is lost or stolen. When you enable it, a recovery key is generated, so back it up to your Microsoft account and print a physical copy as well. Lose that key and the drive's data is gone forever. Windows Home users should check for the Device Encryption option in Settings — it may be available on supported hardware.