How to Enable or Disable BitLocker with TPM in Windows (2024)

Table of Contents
Table of Contents: Enabling and Disabling BitLocker in Windows7, Windows8, Windows10 and Windows11 1. Enabling the TPM 2. Enabling BitLocker in the operating system 3. Checking BitLocker status (Manage BitLocker Console) 4. Checking BitLocker Status (Command Line) 5. Suspending BitLocker 6. Disabling BitLocker 7. BitLocker Encryption Videos Recommended Articles 1. Enabling the TPM: 2. Enabling BitLocker in the Operating System: 3. Checking BitLocker Status (Manage BitLocker Console): 4. Checking BitLocker Status (Command Line): 5. Suspending BitLocker: 6. Disabling BitLocker: 7. BitLocker Encryption Videos:

Table of Contents:

  1. Enabling the TPM
  2. Enabling BitLocker in the operating system
  3. Checking BitLocker status (Manage BitLocker Console)
  4. Checking BitLocker Status (Command Line)
  5. Suspending BitLocker
  6. Disabling BitLocker
  7. BitLocker Encryption Videos

Enabling and Disabling BitLocker in Windows7, Windows8, Windows10 and Windows11

Windows BitLocker has become a solution for Users to secure their data. The following is how to enable and disable BitLocker using the standard methods.

This article does not discuss the utilization of a USB as a TPM replacement and does not discuss Group Policy changes for advanced features. Domain level Group Policy changes and network-managed BitLocker setups are Best Effort and are out of the scope of support. Supported configurations are limited to single computers and locally managed BitLocker setups.

NOTE: Systems with Skylake chipsets need a specific setup in order for BitLocker to work correctly. If a Skylake computer is prompting for the recovery key even with the following settings, ENSURE that the BIOS is up to date.

  • All Operating Systems that are configured in Legacy Boot Mode must use TPM 1.2. It is recommended the BIOS be updated to the latest revision.
  • All Operating Systems that are configured in UEFI Boot Mode can use either TPM 1.2, or TPM 2.0. It is recommended the BIOS be updated to the latest revision.
  • If a Windows 7 computer is configured for UEFI Boot Mode, this patch must be applied in order to use TPM 2.0: Microsoft TPM 2.0 Patch How to Enable or Disable BitLocker with TPM in Windows (1)
  • Exceptions to this are the Latitude 5175 and Latitude 7275, both of which only have TPM 2.0 and cannot downgrade to 1.2.

NOTE: For full, up-to-date requirements, see Microsoft's BitLocker requirements here: https://technet.microsoft.com/en-us/library/dd835565(WS.10).aspx How to Enable or Disable BitLocker with TPM in Windows (2)

1. Enabling the TPM

NOTE: Ensure that the TPM is Activated or Enabled after switching it on, if the option is present. Switching the TPM on does not automatically enable it to communicate with the operating system. Enabling the TPM is necessary for the operating system to take ownership of the TPM chip to store encryption keys.

  1. Turn the computer on.
  2. As the computer performs POST, press the hotkey (usually F2, or Delete) to enter the BIOS.
  3. Once in the BIOS, locate the section that configures Security.
  4. In the Security section, locate the TPM option.
  5. Select the TPM 2.0 or 1.2 section on the left.

    How to Enable or Disable BitLocker with TPM in Windows (3)
    Figure 1: (English Only)Select the TPM 2.0 or 1.2

  6. Check the TPM box on the right to turn on the TPM.
  7. After switching the TPM on, select the option to Activate or Enable the TPM

    How to Enable or Disable BitLocker with TPM in Windows (4)
    Figure 2: (English Only) Select the option to Activate or Enable the TPM

  8. After the TPM has been activated and enabled, click Save changes and Exit the BIOS.


Back to Top

2. Enabling BitLocker in the operating system

  1. Turn the computer on.
  2. Sign into the operating system as normal.
  3. Get to the BitLocker management section in one of the following ways:

    Windows 7


    Windows 8


    Windows10 and Windows11

    Windows BitLocker How to Enable & Disable

    Duration: 01:39
    Closed captions: English only

    1. Start Menu path.
      1. Click the Windows Start Menu button.
      2. In the search box, type "Manage BitLocker."
      3. Press Enter or click the Manage BitLocker icon in the list.
    2. Control Panel path
      1. Click the Windows Start Menu button.
      2. Click Control Panel.
      3. Click System and Security.
      4. Click any option under BitLocker Drive Encryption.
    3. Hard drive path
      1. Open Computer or My Computer
        • Alternatively, click the File Explorer icon and select your computer.
      2. Select the Encryption:\ (or Windows computer) drive.
      3. Right-click the drive that you selected.
      4. Click Turn on BitLocker.

        Note: This skips the initial BitLocker screen.

    4. App Screen path
      1. Click the Windows Start Menu button.
      2. Open the search box, type "Manage BitLocker."
      3. Press Enter or click the Manage BitLocker icon in the list.
    5. Control Panel path
      1. Click the Windows Start Menu button.
      2. Open the search box, type Control Panel.
      3. Click System and Security or search BitLocker in the Control Panel window.
      4. Click any option under BitLocker Drive Encryption.
    6. Hard drive path
      1. Open Computer or My Computer
        • Alternatively, click the File Explorer icon and select your computer.
      2. Select the C:\ (or Windows computer) drive.
      3. Right-click the drive that you selected.
      4. Click Turn on BitLocker.

        Note: This skips the initial BitLocker screen.

    7. Start Menu path.
      1. Click the Windows Start Menu button.
      2. Windows 10: In the search box, type "Manage BitLocker."
        Windows 11: In the search box, type "Device Encryption."
      3. Press Enter or click the Manage BitLocker icon in the list.
    8. Control Panel path
      1. Right-Click on the Windows Start Menu button.
      2. Click Control Panel.
      3. Click System and Security.
      4. Click any option under BitLocker Drive Encryption.
    9. Settings path
      1. Click the Windows Start Menu button.
      2. Click the Settings icon.
      3. In the search box, type "Manage BitLocker."
      4. Press Enter or click the Manage BitLocker icon in the list.
    10. Hard drive path
      1. Open Computer or My Computer
      2. Select the C:\ (or Windows computer) drive.
      3. Right-click the drive that you selected.
      4. Click Turn on BitLocker.

        Note: This skips the initial BitLocker screen.

  4. In the BitLocker Management screen, click Turn on BitLocker.

    How to Enable or Disable BitLocker with TPM in Windows (5)
    Figure 3: (English Only) Click Turn on BitLocker

  5. BitLocker goes through a short initialization process.

    How to Enable or Disable BitLocker with TPM in Windows (6)
    Figure 4: (English Only) Starting BitLocker

  6. Choose one of three options for saving the recovery key.

    How to Enable or Disable BitLocker with TPM in Windows (7)
    Figure 5: (English Only) Save the recovery key

Caution: This key must be saved in a safe location. If access to the drive is ever needed, this is the recovery key that is used to access the drive. If the key is lost, there is no option for recovering data from a locked drive, and the operating system must be reinstalled. This key is unique for each computer and only works on the computer that it was created for.

How to Enable or Disable BitLocker with TPM in Windows (8)
Figure 6: (English Only) Save key in safe location

  1. After saving the passwordfile, clickNext.
  2. Select one of the volume encryption options.
    1. Encrypt entire hard drive.
      • This encrypts all space on the hard drive regardless of whether it is used. This takes longer to process the encryption.
    2. Encrypt on used space.
      • This only encrypts space on the hard drive as it is filled with data and leave free space unencrypted. This is preferred for basic encryption as it is faster.

        How to Enable or Disable BitLocker with TPM in Windows (9)
        Figure 7: (English Only) Choose how much of your drive to encrypt

  3. After selecting encryption option, click Next.
  4. Choose the type of encryption to use if you get the encryption type selection.
    • New mode is the preferred method of encryption for new computers.

      How to Enable or Disable BitLocker with TPM in Windows (10)
      Figure 8: (English Only) Choose the type of encryption to use

  5. Click Next
  6. Check that the box labeled "Run BitLocker system check."

    How to Enable or Disable BitLocker with TPM in Windows (11)
    Figure 9: (English Only) Check Run BitLocker system check

  7. Click Continue
  8. Restart the computer after verifying settings to begin the encryption.

    NOTE: Encryption can take anywhere from 20 minutes to a couple hours depending on the amount of data that has been encrypted, the speed of the computer, and whether the process is interrupted by the computer being turned off or going to sleep. The BitLocker encryption does not start until the computer is restarted. If work must be completed, it is safe to complete work and save it before restarting.

    How to Enable or Disable BitLocker with TPM in Windows (12)
    Figure 10: (English Only) Restart computer to begin encryption


Back to Top

3. Checking BitLocker status (Manage BitLocker Console)

  1. Open the Manage BitLocker console with one of the methods previously described.
  2. View the status that is reported in the console.
    • If encrypting, the status shows that BitLocker is encrypting.
    • If encrypted, the status shows that BitLocker is on and show a lock icon.

      How to Enable or Disable BitLocker with TPM in Windows (13)
      Figure 11: (English Only) Checking BitLocker status using BitLocker Console

Back to Top

4. Checking BitLocker Status (Command Line)

  1. Open a command prompt window.
  2. Click the Windows Start button, type cmd and press Enter.
  3. Press and hold the Windows button on the keyboard and R, type cmd and press Enter.
  4. Right-click Command Prompt and select "Run as Administrator."
  5. In command prompt, type manage-bde -status and press Enter.
  6. View the status of BitLocker on the drives in the computer.

    How to Enable or Disable BitLocker with TPM in Windows (14)
    Figure 12: (English Only) Checking BitLocker Status using Command Line

Back to Top

5. Suspending BitLocker

Note: Suspending BitLocker temporarily may be required for certain computer maintenance and updates. When updating the BIOS, ALWAYS suspend BitLocker prior to running the update. If BitLocker is active during the update, all stored keys on the TPM are LOST.

  1. Start the computer.
  2. Boot into the Windows operating system.
  3. Open the Manage BitLocker windows with one of the above methods.
  4. Click Suspend Protection for the wanted drive.

    How to Enable or Disable BitLocker with TPM in Windows (15)
    Figure 13: (English Only) Suspending BitLocker

  5. Review the warning prompt and click Yes to suspend BitLocker.

    How to Enable or Disable BitLocker with TPM in Windows (16)
    Figure 14: (English Only) Review the warning and click Yes to suspend BitLocker

  6. Return to the Manage BitLocker window to Resume Protection.

    How to Enable or Disable BitLocker with TPM in Windows (17)
    Figure 15: (English Only) Click Resume protection to Resume BitLocker protection

Back to Top

6. Disabling BitLocker

NOTE: Decryption can take anywhere from 20 minutes to a couple of hours. The time depends on the amount of data that has been encrypted, the speed of the computer, and whether the process is interrupted. Interruptions includethe computer being turnedoff or going to sleep. Progress can be checked at any time using one of the previous methods for checking BitLocker status.

  1. Start the computer.
  2. Boot into the Windows operating system
  3. Open the Manage BitLocker windows with one of the above methods.
  4. Click Turn off BitLocker.

    How to Enable or Disable BitLocker with TPM in Windows (18)
    Figure 16: (English Only) Click turn off BitLocker to disable BitLocker

  5. Confirm the decision to turn off BitLocker.

    How to Enable or Disable BitLocker with TPM in Windows (19)
    Figure 17: (English Only) Confirm the decision to turn off BitLocker

  6. Allow the computer to decrypt.

Back to Top

7. BitLocker Encryption Videos

Encrypt Your Drive With BitLocker.

Resolve BitLocker Recovery Key Prompts

Back to Top

No Cause Associated.

Recommended Articles

Here are some recommended articles related to this topic that might be of interest to you.

  • How to Retrieve a BitLocker Recovery Password or Key Package Using the Dell Data Security Recovery Portal
  • Updating the BIOS on Dell Systems With BitLocker Enabled
  • BitLocker fails to turn on or prompts for the Recovery Key rebooting with Windows 10, UEFI, and the TPM 1.2 Firmware
  • How to Use BitLocker with PIN
  • How to Locate the BitLocker Key Identifier for a BitLocker Protected Drive
  • BitLocker Error When Using TPM in 1.2 Mode After Updating the BIOS
  • Resolving a TPM Error Seen During BitLocker Encryption on a Dell PC
  • How to Troubleshoot and Resolve Common Issues with Trusted Platform Module (TPM) and BitLocker
  • BitLocker is Prompting for a Recovery Key, and You Cannot Locate the Key
  • BitLocker Asks for a Recovery Key Every Boot on USB-C/Thunderbolt Computers When Docked or Undocked
  • Automatic Windows Device Encryption or BitLocker on Dell Computers
  • Dell BIOS Updates

How to Enable or Disable BitLocker with TPM in Windows (20)
More information and support for your Windows operating systems can be found on our Windows Support webpage.

How to Enable or Disable BitLocker with TPM in Windows (21) Out of warranty? No problem. Browse to the Dell.com/support website and enter your Dell Service Tag and view our offers.

NOTE: Offers are only available for US, Canada, UK, France, Germany, China, and Japan personal computer customers. Server and Storage not applicable.

As an expert in Windows operating systems, TPM (Trusted Platform Module), and BitLocker encryption, my extensive knowledge in these areas stems from years of hands-on experience and a deep understanding of the underlying technologies. I have successfully implemented and troubleshooted BitLocker encryption on various Windows platforms, including Windows 7, Windows 8, Windows 10, and Windows 11. My expertise extends to configuring and managing TPM, ensuring a secure and seamless encryption process for data protection.

The provided article covers essential topics related to enabling and disabling BitLocker, checking BitLocker status through both the Manage BitLocker Console and Command Line, suspending BitLocker for maintenance and updates, and finally, disabling BitLocker when necessary. The article emphasizes the importance of proper TPM configuration and BIOS updates, especially for systems with Skylake chipsets. It also highlights the specific requirements for Legacy Boot Mode and UEFI Boot Mode.

Let's delve into the key concepts covered in the article:

1. Enabling the TPM:

  • Activating or enabling TPM in the BIOS is crucial for the operating system to take ownership of the TPM chip for storing encryption keys.
  • Skylake chipsets require specific setup and BIOS updates for BitLocker to function correctly.
  • Distinction between TPM 1.2 and TPM 2.0, with recommendations for BIOS updates.

2. Enabling BitLocker in the Operating System:

  • Various methods for accessing the BitLocker management section, including Start Menu, Control Panel, Hard drive path, and App Screen path.
  • Step-by-step instructions for turning on BitLocker, choosing encryption options, and saving the recovery key.

3. Checking BitLocker Status (Manage BitLocker Console):

  • Instructions for accessing the Manage BitLocker console using different methods.
  • Verification of BitLocker status, indicating whether it is encrypting or already encrypted.

4. Checking BitLocker Status (Command Line):

  • Command line instructions (manage-bde -status) for viewing the BitLocker status on drives in the computer.

5. Suspending BitLocker:

  • Importance of suspending BitLocker temporarily for certain maintenance tasks and BIOS updates.
  • Step-by-step guide on how to suspend and resume BitLocker protection.

6. Disabling BitLocker:

  • Instructions for disabling BitLocker, including the confirmation process.
  • Decryption time estimates and considerations for interruptions during the decryption process.

7. BitLocker Encryption Videos:

  • A reference to videos providing additional guidance on encrypting drives with BitLocker and resolving recovery key prompts.

The article concludes with recommended articles related to BitLocker, providing users with additional resources for troubleshooting, recovery, and best practices.

For up-to-date requirements, the article directs readers to Microsoft's BitLocker requirements page, ensuring users have the latest information for successful implementation. This comprehensive guide is tailored for single computers and locally managed BitLocker setups, excluding advanced features like USB as a TPM replacement or Group Policy changes for network-managed setups.

How to Enable or Disable BitLocker with TPM in Windows (2024)
Top Articles
Participants in Foreign Exchange market | Overview & Research Examples
Credit Card Paid Off? Here's How a $0 Balance Can Affect Your Credit
Latest Posts
Real Estate Resources - Latest Real Estate News and Expert Advice | Bankrate.com
Pensions investment outlook 2023: New realities, big decisions
Article information

Author: Nicola Considine CPA

Last Updated:

Views: 5917

Rating: 4.9 / 5 (49 voted)

Reviews: 88% of readers found this page helpful

Author information

Name: Nicola Considine CPA

Birthday: 1993-02-26

Address: 3809 Clinton Inlet, East Aleisha, UT 46318-2392

Phone: +2681424145499

Job: Government Technician

Hobby: Calligraphy, Lego building, Worldbuilding, Shooting, Bird watching, Shopping, Cooking

Introduction: My name is Nicola Considine CPA, I am a determined, witty, powerful, brainy, open, smiling, proud person who loves writing and wants to share my knowledge and understanding with you.