BitLocker Overview and Requirements FAQ
How BitLocker works with operating system drives
You can use BitLocker to mitigate unauthorized data access on lost or stolen computers by encrypting all user files and system files on the operating system drive, including the swap files and hibernation files, and checking the integrity of early boot components and boot configuration data.
Which Trusted Platform Modules (TPMs) does BitLocker support?
BitLocker supports TPM version 1.2 or higher. BitLocker support for TPM 2.0 requires Unified Extensible Firmware Interface (UEFI) for the device.
How can I tell if a TPM is on my computer?
Starting with Windows 10, version 1803, you can check TPM status in Windows Defender Security Center > Device Security > Security processor details. In previous versions of Windows, open the TPM MMC console (tpm.msc) and look under the Status heading. You can also run Get-Tpm in PowerShell to get more details about the TPM on the current computer.
How to Use BitLocker Without a TPM?
You might encounter the error message below while setting up BitLocker.
Open the Group Policy Editor by running "gpedit.msc".
Go to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
In the right pane, double-click "Require additional authentication at startup"
Make sure the "Enabled" option is chosen so that all other options below will be active.
Uncheck the box for "Allow BitLocker without a compatible TPM."
For the choice of "Configure TPM startup:", choose "Allow TPM."
For the choice of "Configure TPM startup PIN:", choose "Require startup PIN with TPM."
For the choice of "Configure TPM startup key:", choose "Allow startup key with TPM."
For the choice of "Configure TPM startup key and PIN:", choose "Allow startup key and PIN with TPM."
Click the "Apply" button and then the "OK" button to save the changes.
How to Set Up BitLocker
You can now enable, configure, and use BitLocker normally. Head to Control Panel > System and Security > BitLocker Drive Encryption and click “Turn on BitLocker” to enable it for a drive.
You’ll first be asked how you want to unlock your drive when your PC boots up. If your PC had a TPM, you could have the computer automatically unlock the drive or use a short PIN that requires the TPM to be present.
Because you don’t have a TPM, you must choose to either enter a password each time your PC boots, or provide a USB flash drive. If you provide a USB flash drive here, you’ll need that flash drive connected to your PC each time you boot up your PC to access the files.
Continue through the BitLocker setup process to enable BitLocker drive encryption, save a recovery key, and encrypt your drive. The rest of the process is the same as the normal BitLocker setup process.
When your PC boots, you’ll have to either enter the password or insert the USB flash drive you provided. If you can’t provide the password or USB drive, BitLocker won’t be able to decrypt your drive and you won’t be able to boot into your Windows system and access your files.
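To confirm what the "Require additional authentication at startup" policy and the setup steps above actually left on a machine, the following read-only PowerShell audit reports the policy state, the TPM state, and the key protectors on the operating system drive. It is an added example, not part of the original FAQ; the registry value names under HKLM\SOFTWARE\Policies\Microsoft\FVE do not appear on this page and are the values that back these Group Policy settings.

```powershell
# Added example: read-only audit. Run from an elevated PowerShell prompt.
# Policy-backed BitLocker settings are stored under this key.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Registry value name -> label shown in the Group Policy dialog
$settings = [ordered]@{
    UseAdvancedStartup = 'Require additional authentication at startup'
    EnableBDEWithNoTPM = 'Allow BitLocker without a compatible TPM'
    UseTPM             = 'Configure TPM startup'
    UseTPMPIN          = 'Configure TPM startup PIN'
    UseTPMKey          = 'Configure TPM startup key'
    UseTPMKeyPIN       = 'Configure TPM startup key and PIN'
}
$toggle   = @{ 0 = 'Off'; 1 = 'On' }
$dropdown = @{ 0 = 'Do not allow'; 1 = 'Require'; 2 = 'Allow' }

$policy = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
$report = foreach ($name in $settings.Keys) {
    $raw = if ($policy) { $policy.$name } else { $null }
    $map = if ($name -in 'UseAdvancedStartup', 'EnableBDEWithNoTPM') { $toggle } else { $dropdown }
    $state = if ($null -eq $raw) {
        'Not configured'
    } elseif ($map.ContainsKey([int]$raw)) {
        $map[[int]$raw]
    } else {
        "Unexpected value $raw"
    }
    [pscustomobject]@{ Setting = $settings[$name]; RegistryValue = $name; State = $state }
}
$report | Format-Table -AutoSize

# TPM state: Get-Tpm needs elevation and throws when it cannot query the TPM.
$tpm = try { Get-Tpm -ErrorAction Stop } catch { $null }
$tpmUsable = [bool]($tpm -and $tpm.TpmPresent -and $tpm.TpmReady)

# Protectors currently on the OS drive (none until BitLocker is turned on).
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
$protectors = if ($vol) { @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) } else { @() }

[pscustomobject]@{
    TpmUsable         = $tpmUsable
    NoTpmPolicyOn     = [bool]($policy -and $policy.EnableBDEWithNoTPM -eq 1)
    OsDriveProtection = if ($vol) { $vol.ProtectionStatus } else { 'Unknown' }
    OsDriveProtectors = ($protectors -join ', ')
} | Format-List
```

On a TPM-less machine set up with a password or USB flash drive, OsDriveProtectors should list a Password or ExternalKey protector alongside the RecoveryPassword saved during setup.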