Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How Do I Know If My Hard Disk Is BitLocker-Encrypted?

It surprises many.

by

Your hard disk could be BitLocker encrypted without your knowledge.
Is it encrypted?
(Image: askleo.com)

Your hard disk might be BitLocker encrypted, and you might not even know it.

On one hand, that might seem OK. Encryption is good, right?

Well, it’s good until it’s not.

Let’s figure out whether your hard disk is encrypted, discuss why it matters, and explore what you might need to do about it.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Is your hard disk encrypted?

Your computer’s hard drive might be encrypted with BitLocker without you knowing it. In Windows Pro, you’ll see a padlock icon. In Windows Home, check “Device encryption” under Privacy & security settings. Make sure you can access your recovery key at aka.ms/myrecoverykey, or you could lose everything!

Windows Pro editions: a snap

If you’re running Windows 11 (or 10) Pro, it’s obvious. Just look at the drive in Windows File Explorer.

Bitlocker in Windows 11 Pro
Checking for Bitlocker in Windows File Explorer (Windows 11 Pro). (Screenshot: askleo.com)

If it’s encrypted, there will be a padlock on the drive icon. If you right-click on it, as I’ve done above, you’ll also see “Manage BitLocker” in the pop-up menu.

If it’s not encrypted, the padlock won’t be present (as the D: drive shows above), and right-clicking will include the option to “Turn on BitLocker”.

Pretty clear.

Windows Home edition: stealth encryption

Technically, BitLocker isn’t available in Windows Home, so the icons and pop-up menu items we saw above aren’t present.

And yet, the drive may be encrypted in Windows 11 Home.

In the Settings app, click on Privacy & security in the left-hand pane.

Windows 11 Home, Privacy & security settings
Windows 11 Home Privacy & security settings. Click for larger image. (Screenshot: askleo.com)

If “Device encryption” is listed on the right, your device may have its hard drive encrypted. If it’s not present, your machine doesn’t support device encryption1, and your hard drive will not be BitLocker encrypted.

Click on Device encryption.

Device Encryption is on.
Device encryption is enabled. Click for larger image. (Screenshot: askleo.com)

On this machine, device encryption is turned on. I did not turn it on; it was on from the start. I was neither asked nor warned that this would happen.

More importantly, I was never offered the opportunity to save my encryption recovery key.

Getting the recovery key

Clicking on Find your BitLocker recovery key (at the bottom of the image above) will take you to a support article, which I suppose can be useful.

More directly, though, visit:

https://aka.ms/myrecoverykey

This will take you to the BitLocker recovery key page of your Microsoft account. To visit this page, you must be able to sign in to your Microsoft account, and it needs to be the same Microsoft account that was used to encrypt the drive — typically the first account you specified when setting up the machine.

Bitlocker Recovery Keys
Bitlocker recovery keys in Microsoft account. Click for larger image. (Screenshot: askleo.com)

Here, you should find the key you can use to recover access to your encrypted drive should you ever be unable to sign into the machine normally.

Microsoft has done the right thing in automatically adding the key to the Microsoft account when the drive was set up, but it did so without warning or notification. I strongly recommend you visit the recovery keys page online to ensure your keys are listed there. Consider copy/pasting them to another secure location for safekeeping as well.

Or turn it off

If you find that Device Encryption has been enabled without your knowledge, the other option is, of course, to turn it off.

I can’t tell you whether that’s the right thing for you or not. It depends on how you use your computer and what your security concerns are. Having it on means that even if your computer (or the hard drive) was stolen, your data would remain secure. The “cost”, if you will, is that it’s more difficult to access the hard drive for things like repair or recovery.

With encryption turned off, attaching the hard drive to another machine or even booting your existing machine from a bootable USB stick should allow the disk’s contents to be accessible.

Do this

It remains your choice whether to have your drive whole-disk encrypted by BitLocker.

Even if Microsoft didn’t tell you.

Whatever the case, confirm that your BitLocker recovery key has been saved somewhere. If not, decrypt the drive immediately and then decide whether you want to encrypt it again, saving the recovery key as you do so.

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio

Play

Download (right-click, Save-As) (Duration: 6:46 — 6.2MB)

Subscribe: RSS

Related Video

Footnotes & References

1: It’s unclear what the full requirements are. I can say that if your computer has no TPM, then device encryption is not available.

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Additional information is available at https://askleo.com/creative-commons-license/.