To use the BitLocker function, you need a computer that has a Trusted Platform Module (TPM). If you try to enable BitLocker on a PC without a TPM, you’ll be told your administrator must set a system policy option.
On the other hand, BitLocker is available only on Professional, Enterprise, and Education editions of Windows. That means if your PC equips with a TPM 1.2 or later; still, you can’t use BitLocker because you will not find an option for BitLocker to configure.
BitLocker typically requires a Trusted Platform Module (TPM 1.2 or later) chip on your computer’s motherboard. This TPM chip generates and stores the actual encryption keys and automatically unlocks your PC’s drive so that when you boot, you can sign in just by typing your Windows login password.
If someone gets physical access to your PC, removes the drive from the computer, and attempts to decrypt it, they will fail to access that without the key stored in the TPM. The TPM won’t work if you change the PC’s motherboard, either.
However, if your motherboard (or laptop) doesn’t have a TPM, you may want to use BitLocker without a TPM, but this will be less secure. But it is always better than nothing.
How to Use BitLocker on Windows 11 or 10 without a TPM?
If you want to use BitLocker on Windows 11 and 10 machines without a TPM, use the following steps:-
Step 1. First, open Local Group Policy Editor.
Step 2. Then, navigate to the following path on the left side:-
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
Step 3. After that, double-click the policy name on the right-side pane, “Require additional authentication at startup.”
Step 4. Ensure the “Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)” checkbox is enabled under the “Options” section.
Step 5. Click
Step 6. Click
How to Set Up BitLocker?
Once you complete the above steps, you can configure and use BitLocker usually.
To set up BitLocker on Windows 11 or 10, use the following steps:-
Step 1. Open Control Panel.
Step 2. Click on
Step 3. Click on
Step 4. Under the “Operating system drive” section, click the
Step 5. Now, you’ll be asked how you want to unlock your drive at startup. Because you don’t have a TPM, you can choose either “Insert a USB flash drive” or “Enter a password.” If you select a USB flash drive option, you’ll need that flash drive connected to your PC each time you boot up your PC to access the files.
Step 6. Since we don’t want to use a USB flash drive, we have selected the second option, “Enter a password,” to encrypt our drive.
Step 7. In the following screen, enter the password to encrypt the drive and then confirm the password.
Step 8. After that, click the
Step 9. Now, you’ll be prompted to back up your recovery key. You can select from the following options:-
- Save to your Microsoft account
- Save to a USB flash drive
- Save to a file
- Print the recovery key
Choose a method to back up your recovery key and click the
Step 10. In the following screen, choose the faster or slower method to encrypt the drive and then click the
At last, you’ll be prompted to reboot your computer. Depending on your configuration, you may need to enter the BitLocker USB flash drive or password that you have set in the above steps.