How to Enable BitLocker in Windows 11 (Full Disk Encryption)
What Is BitLocker and Why Use It
BitLocker is the full disk encryption feature included in Windows 11 Pro and Enterprise. It encrypts all disk contents with AES-256, so if someone steals your laptop or removes the drive, the data is unreadable without the password or recovery key.
It’s especially important on laptops, where the risk of loss or theft is higher. Professionals with sensitive data (contracts, customer data, financial information) should always have it enabled.
Requirements to Enable BitLocker
- Edition: Windows 11 Pro, Enterprise, or Education. Home has a limited version called Device Encryption
- TPM 2.0: required for automatic unlocking at startup
- UEFI boot: required (most modern PCs have this)
How to Enable BitLocker
- Go to File Explorer → right-click on the C: drive → Turn on BitLocker
- Choose how to unlock at startup: with TPM automatically, with PIN, with USB, or a combination
- VERY IMPORTANT: save the recovery key. Four options: save to Microsoft account (recommended), to a file, print it, or to a USB drive
- Choose encryption type: Used disk space only (faster, ideal for new PC) or Full drive (more secure, recommended for PCs already in use)
- Start encryption — can take from minutes to hours depending on disk size
Where to Save the Recovery Key (Critical)
The recovery key is a 48-digit number you’ll need if you lose the PIN or TPM changes (BIOS update or motherboard replacement). Without this key, the data is unrecoverable.
- Microsoft account: saved at account.microsoft.com/devices — the most convenient option
- Local file: save it somewhere other than the encrypted drive
- Printed: on paper stored in a safe place
Does BitLocker slow down the PC?
The performance impact is minimal on modern hardware (1-2% on disk operations). On modern NVMe SSDs the impact is practically imperceptible thanks to hardware encryption.
Can I enable BitLocker on Windows 11 Home?
Windows 11 Home doesn’t include full BitLocker, but does have Device Encryption if the hardware supports it. Enable it in Settings → Privacy & security → Device encryption.
What happens if I change the motherboard or BIOS?
TPM is tied to the motherboard. If you change it, Windows will ask for the recovery key at startup. You’ll have the key saved in your Microsoft account or the file you saved.
Conclusion
Enable BitLocker on your laptop if you handle sensitive data. The setup process takes 5 minutes. Most important: save the recovery key to your Microsoft account so you never lose access to your data.
