Although the hardware can always be replaced, one thing you may not be able to afford is your files, or your organization’s data, getting compromised. And this is when BitLocker can help. On Windows 10, BitLocker is a security feature that protects your files using data encryption to prevent unauthorized access from hackers and prying eyes. BitLocker provides encryption for full drives and portable drives, and while it’s a feature that has been around for years, on Windows 10, it can even protect individual files with data loss protection. In this guide, you’ll learn the easy steps to set up BitLocker on any Surface to help protect your data using the Settings app on Windows 10.

How to turn on BitLocker encryption on any Surface

All Surface devices features a Trusted Platform Module (TPM) that make it super easy to encrypt all your data. Once you’ve completed the steps, Microsoft’s BitLocker will provide encryption for the full drive, and moving forward all your new files will be encrypted. Windows 10 device encryption At any time, you can disable BitLocker on your Surface Pro, Surface Book, or Surface Laptop with the same steps, but in this case the click the Turn off button in step No. 4.

Microsoft’s BitLocker details

After turning on drive encryption on your Surface, the only way to decrypt your files is by signing in to your device with your account password. If you ever forget your password, never try to use third-party recovery tools to reset your password, as you will lose access to files forever. The Device Encryption option in the Settings is only available on devices with a Trusted Platform Module (TPM) version 1.2 or later starting with the Windows 10 Fall Creators Update. The TPM is a chip installed inside your Surface and many newer computers. It works with BitLocker to help protect your data and to ensure that the device has not been tampered with while the system was offline. In the case, you’re dealing with another kind of computer without a TPM chip, you can still use Windows 10’s BitLocker, but you’ll be required to use a USB drive with a startup key to start or resume from hibernation. Alternatively, it’s also possible to use a volume password to protect the partition that houses Windows 10. However, neither of these options provide system integrity verification offered on a device using TPM. All content on this site is provided with no warranties, express or implied. Use any information at your own risk. Always backup of your device and files before making any changes. Privacy policy info.