Encrypting a hard drive protects its contents from unauthorized access by encoding them with an encryption algorithm.
This way, attackers or anyone else who gets hold of the drive can't read its contents unless they also have the encryption key.
Windows provides two built-in methods to encrypt internal as well as external drives: BitLocker and Device Encryption.
However, these methods depend on the Trusted Platform Module (TPM) hardware. Without TPM, you have to use third-party apps for the encryption.
Note: If you wish to use BitLocker or Device Encryption, enter your motherboard’s BIOS/UEFI and make sure that TPM is enabled.
Using BitLocker
The traditional and most popular way to encrypt your hard drive is the built-in BitLocker feature. You can open it through the Control Panel or Windows Settings.
Note: BitLocker is not available in Windows Home editions. On those editions, upgrade to a Pro edition or use one of the other methods instead.
- Log into an administrator account on Windows.
- Open Settings (press Windows + I).
- Click on System.
- Click the Storage page on the right side.
- Under the “Storage management” section, click on Advanced storage settings.
- Click on Disks & volumes.
- Select the drive with the partition to encrypt.
- Select the partition to enable encryption and click the Properties button.
- Click the “Turn on BitLocker” option.
- Click the “Turn on BitLocker” option again.
- Select the option to back up the recovery key — for example, Save to your Microsoft account.
- Quick note: You can always find the recovery key on your Microsoft account. Also, the option to save online is only available when the account is connected to a Microsoft account.
- Click the Next button.
- Select the “Encrypt used disk space only” option.
- Click the Next button.
- Select the “New encryption mode” option.
- Check the “Run BitLocker system check” option.
- Click the Restart now button (if applicable).
Once you complete the steps, the system will begin encrypting the data on the drive.
Note: You can also right-click a drive in File Explorer and select Turn on BitLocker or Show more options > Turn on BitLocker to initiate the process.
Using Device Encryption
On some computers you can also use Device Encryption to encrypt your hard drives. Like BitLocker, it uses the TPM. But while BitLocker lets you choose which drive to encrypt, this feature encrypts all connected drives.
Apart from the TPM, Device Encryption has some additional prerequisites:
- Your PC should support UEFI firmware.
- Your firmware should support modern standby (S0 state). (You can check by running powercfg /a on Run.)
If your computer supports Device Encryption, follow these steps:
- Log in to a Microsoft account with admin privileges. If you don’t have such an account, create one or switch to one.
- Open Windows Settings by pressing the Windows key + I.
- Go to Privacy & security > Device Encryption or Update & Security > Device Encryption.
- Click on Turn on and wait until the process completes.
Note: If you can’t find the options, your system hasn’t met all the necessary requirements. Check System Summary > Device Encryption Support in System Information (msinfo32 on Run) to see why automatic device encryption failed.
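The prerequisites described above (TPM enabled, a non-Home edition for BitLocker, UEFI firmware and modern standby for Device Encryption) can be checked in one pass from an elevated PowerShell prompt. This is an added example, not part of the original article: the function names Get-EncryptionReadiness and Get-VolumeEncryptionState are hypothetical, and the powercfg parsing assumes English-language output.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): read-only checks, nothing on the system is changed.

function Get-EncryptionReadiness {
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $tpm = Get-Tpm
    $fw  = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # powercfg /a prints the available sleep states first, then the unavailable ones.
    # Assumption: English output; the match strings differ on localized systems.
    $available = @()
    foreach ($line in (powercfg /a)) {
        if ($line -match 'not available') { break }
        $available += $line
    }
    $s0     = [bool]($available -match 'S0 Low Power Idle')
    $tpmOk  = $tpm.TpmPresent -and $tpm.TpmEnabled
    $isHome = $os.Caption -match '\bHome\b'

    [pscustomobject]@{
        Edition                    = $os.Caption
        TpmPresentAndEnabled       = $tpmOk
        UefiFirmware               = ($fw -eq 'Uefi')
        ModernStandbyS0            = $s0
        # Prerequisites as the article lists them; msinfo32 remains the authority.
        BitLockerPrereqsMet        = ($tpmOk -and -not $isHome)
        DeviceEncryptionPrereqsMet = ($tpmOk -and ($fw -eq 'Uefi') -and $s0)
    }
}

function Get-VolumeEncryptionState {
    # The BitLocker module may be absent on some editions; return nothing in that case.
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) { return }
    Get-BitLockerVolume | ForEach-Object {
        $types = @($_.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        [pscustomobject]@{
            MountPoint          = $_.MountPoint
            VolumeStatus        = $_.VolumeStatus
            ProtectionStatus    = $_.ProtectionStatus
            EncryptionMethod    = $_.EncryptionMethod
            HasTpmProtector     = @($types -match '^Tpm').Count -gt 0
            HasRecoveryPassword = $types -contains 'RecoveryPassword'
        }
    }
}

Get-EncryptionReadiness | Format-List
Get-VolumeEncryptionState | Format-Table -AutoSize
```

A volume that reports ProtectionStatus Off, or that has no recovery password protector, is worth revisiting against the steps above.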
Using Third-Party Software
You can also use third-party encryption software to encrypt and protect your drives.
Most of these programs don’t use the TPM, so there’s no hardware limitation. Many open-source and free apps like VeraCrypt, AxCrypt, DiskCryptor, etc., are also available for this purpose.
If you want to encrypt your external hard drives, you may even find an OEM encryption application.
In summary, Windows 11 Home users can use Device Encryption for internal drives but need third-party software for external drives. Windows 11 Pro/Enterprise users have more options with BitLocker for both internal and external drive encryption.