How to Enable BitLocker Drive Encryption on Windows 10 and 11

What Causes This?

BitLocker may be unavailable or fail to turn on if your PC doesn’t meet the requirements for device encryption. Common causes include a missing or disabled TPM security chip, unsupported Windows edition, an unprepared system drive, or Group Policy settings that block BitLocker. In some cases, BitLocker is available but users can’t find the option because they’re on Windows Home, where full BitLocker management is not included.

Common Symptoms

• You don’t see a Turn on BitLocker option in Control Panel or Settings
• Windows says This device can’t use a Trusted Platform Module
• BitLocker setup fails with an error during startup check
• You’re prompted to save a recovery key but encryption never starts
• Device encryption is missing even though you expected it to be available

How to Fix It Manually

1. Check your Windows edition

   • Press Windows + I to open Settings.
   • Go to System > About on Windows 11, or Settings > System > About on Windows 10.
   • Look for Windows specifications and confirm your edition.
   • BitLocker management is included in Windows 10/11 Pro, Enterprise, and Education. Windows Home may only support limited Device encryption on supported hardware.

2. Check whether your PC has a TPM and that it’s ready

   • Press Windows + R, type tpm.msc, then press Enter.
   • In the TPM Management window, check the status.
   • If you see The TPM is ready for use, continue.
   • If TPM is missing or disabled, restart your PC and enter BIOS/UEFI settings. Look for TPM, PTT (Intel), or fTPM (AMD), then enable it and save changes.

3. Verify the drive is formatted correctly and Windows can support BitLocker

   • Open File Explorer, right-click your C: drive, and choose Properties.
   • Make sure the drive is using NTFS.
   • If needed, open Command Prompt as administrator:
     • Press Start, type cmd
     • Right-click Command Prompt and choose Run as administrator
   • Run:

     manage-bde -status

   • This shows whether BitLocker is available and the current protection status.

4. Turn on BitLocker from Control Panel

   • Press Start, type Control Panel, and open it.
   • Go to System and Security > BitLocker Drive Encryption.
   • Next to your operating system drive, click Turn on BitLocker.
   • Choose how you want to unlock the drive at startup if prompted.

5. Back up your recovery key

   • Save the recovery key to your Microsoft account, a USB drive, a file, or print it.
   • Do not store the recovery key only on the encrypted drive.
   • Keep it somewhere safe in case Windows asks for it after a hardware or firmware change.

6. Choose encryption settings and start the process

   • Select Encrypt used disk space only for faster setup on a new PC, or Encrypt entire drive for older systems.
   • Choose New encryption mode unless you need compatibility with older Windows versions.
   • Click Start encrypting and let the process finish. You can keep using the PC while it runs.

7. If BitLocker says TPM is required, allow startup authentication without TPM

   • Press Windows + R, type gpedit.msc, and press Enter.
   • Go to: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
   • Open Require additional authentication at startup.
   • Set it to Enabled, then check Allow BitLocker without a compatible TPM.
   • Click Apply, then OK, and try enabling BitLocker again.

Fix It Automatically with Kudu

Kudu can quickly check whether your PC is ready for BitLocker by identifying missing requirements like TPM issues, unsupported settings, or configuration problems that block encryption. Instead of digging through Windows tools one by one, you can use Kudu to spot and fix common readiness issues faster.

Download Kudu Free →