Symptoms
No symptom information is available.
Cause
No cause information is available.
Resolution
Windows Encryption
Applies to: Windows 10, and Windows 11
BitLocker device encryption is supported on a broad range of devices, including those that meet Modern Standby standards and devices that run Windows 10 Home edition or Windows 11.
Key Hardware Requirements
| Firmware/BIOS | - UEFI (for Unified Extensible Firmware Interface)
- Enable S0 (Modern Standby), Disable S3 (Legacy)
|
| TPM | - Trusted Platform Module (TPM) version 2.0
|
| Storage | - SSD (SATA and NVMe)
- Hybrid (Spindle HDD with NAND cache)
- Spindle (SSHD or SSD+HD)
|
Dell computers are not encrypted at the factory but follow the recommendation from Microsoft to support automatic device encryption. BitLocker Device Encryption 
After a clean installation of Windows 11 or Windows 10 is completed and the out-of-box experience (OOBE) is finished, the computer is prepared for first use. As part of this preparation, BitLocker device encryption is initialized on the Operating System drive and fixed data drives.
Check, Suspend/Pause, and Prevent the Device Encryption
Check the Current Encryption Status
Open a PowerShell or Terminal window as Administrator and type:
manage-bde -status : (replace with the drive letter, e.g., “C”)
Suspend Device Encryption
Suspend-BitLocker -MountPoint "C:" -RebootCount 0
This command suspends BitLocker encryption on the BitLocker volume that is specified by the MountPoint parameter. Because the RebootCount parameter value is 0, BitLocker encryption remains suspended until you run the Resume-BitLocker cmdlet.
To resume device encryption, use: Resume-BitLocker -MountPoint "C:"
Prevent or Disable Device Encryption
Preventing or disabling the device encryption should only be used in servicing scenarios.
The automatic BitLocker Device Encryption process can be prevented by changing the registry setting:
| Key | KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker |
| Subkey | PreventDeviceEncryption |
| Value | True (1) |
Modifying the registry key is only effective when applied to an image before installing Windows. If you want to stop encryption during OOBE and disable it permanently, use Manage-bde Off .
Difference Between Suspending and Disabling Encryption
The suspension provides a quick option to temporarily disable the protection on the computer drive for service. The process only takes a few seconds to complete and ensures that the drive content is still protected from unauthorized access yet allows computer repair or maintenance to occur.
Decryption permanently removes the protection and makes the content accessible to anybody who can access the drive. Also, decrypting a drive is time-consuming: Microsoft estimates it takes approximately 1 minute per 500 MB of drive space. The device decryption should only be used before restoring a Windows image.
Preparing Your Computer for Service
Before making a change that might trigger a BitLocker Recovery Key, ensure that a recovery key was safely backed up before activating BitLocker protection. Ensure that any backed-up recovery key is accessible from another computer or phone: Finding your BitLocker Recovery Key in Windows .
Device encryption should be suspended before the computer is serviced on-site or returned to a service center. The device encryption must be suspended before flashing the computer BIOS and when a motherboard or a computer drive replacement are expected.
Note: Dell BIOS installers automatically suspends BitLocker before the update is performed.
More Information
Back to Top
Additional Information
Recommended Articles
Here are some recommended articles related to this topic that might be of interest to you.
Affected Products
Alienware, Inspiron, OptiPlex, Vostro, XPS, G Series, G Series, Alienware, Inspiron, Latitude, Vostro, XPS, Fixed Workstations, Mobile Workstations
FAQs
Automatic Device Encryption: BitLocker automatically encrypts all drives when it is installed, ensuring that no one without the proper credentials can access its content.
Why does my Dell laptop keep asking for BitLocker recovery? ›
When BitLocker sees a new device in the boot list or an attached external storage device, it prompts you for the key for security reasons. This is normal behavior. This problem occurs because boot support for USB-C/TBT and Preboot for TBT are set to On by default.
Is BitLocker enabled by default in Dell? ›
Dell does not enable BitLocker on any device, BitLocker is enabled by the user during setup or domain configuration by an administrator. A BIOS update can trigger a BitLocker Recovery event as the PCR banks between the time Windows runs, and the time the BIOS is flashed, changes.
Can BitLocker be turned on automatically? ›
And the Bitlocker drive encryption is automatically enabled on supported devices running Windows 10 and newer during the out-of-box experience and signing into a personal Microsoft account (such as @outlook.com or @hotmail.com) or your work or school account.
Why does BitLocker come up on my computer? ›
If you experiences that the computer shows BitLocker recovery screen after power on, it means that the HDD/SDD has been encrypted. (HDD/SDD is locked.)
What is the difference between BitLocker and BitLocker device encryption? ›
Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected. When a clean installation of Windows is completed and the out-of-box experience is finished, the device is prepared for first use.
What triggers BitLocker? ›
The BitLocker recovery key prompt can be triggered by a variety of reasons, including hardware changes, software updates (especially if BIOS update is involved), etc. It is not necessarily alarming. The recent security update can be definitely a trigger here as well.
Is BitLocker legit? ›
BitLocker is very good way to protect our files from anauthorized access without using correct private key. Most of critical user computers are protecting by the BitLocker which is working very stable and speed.
Is there a downside for using BitLocker? ›
Cons of BitLocker
Asking a nontechnical user to know things about encryption keys and proper storage or backup of these keys is a bit much. Not having the key can lock legitimate users out of their own data and using BitLocker can significantly impact performance (up to 45%) in some cases.
How to skip BitLocker recovery? ›
Navigate to Troubleshoot > Advanced Options > Startup Settings 2. Press Restart 3. Skip the first Bitlocker recovery key prompt by pressing Esc 4. Skip the second Bitlocker recovery key prompt by selecting Skip This Drive in the bottom right 5.
Again, it's generally good to have BitLocker enabled, especially for fixed drives on your PC. However, if you have drives that move between different PCs, BitLocker may be a problem because it's only available on Windows.
What will happen if BitLocker is turned off? ›
Decrypt completely removes BitLocker protection and fully decrypts the drive. Suspend keeps the data encrypted but encrypts the BitLocker volume master key with a clear key. The clear key is a cryptographic key stored unencrypted and unprotected on the disk drive.
What would activate BitLocker? ›
Bitlocker recovery mode can be triggered by a number of situations, including: A malicious attempt by a person or software to change the startup environment. Rootkits are one example. Moving the BitLocker-protected drive into a new computer.
How do I turn off automatic BitLocker encryption? ›
Turn off Standard BitLocker encryption
Type and search [Manage BitLocker] in the Windows search bar①, then click [Open]②. Click [Turn off BitLocker]③ on the drive that you want to decrypt. If the drive is under locked status, you need to click [Unlock drive] and type the password to turn off BitLocker.
What is the default encryption of BitLocker? ›
BitLocker uses Advanced Encryption Standard (AES) as its encryption algorithm with configurable key lengths of 128 bits or 256 bits.
How to disable BitLocker automatic device encryption? ›
Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption. Look for the drive on which you want BitLocker Drive Encryption turned off, and click Turn Off BitLocker. A message will be displayed, stating that the drive will be decrypted and that decryption may take some time.
What is the meaning of auto encryption? ›
Automatic encryption is simply the second level of security added to the security provided by a virtual private network.
How do I automatically encrypt a USB drive with BitLocker? ›
Insert the USB drive you want to encrypt - this can be a new drive, or one that already has data stored on it. Open File Explorer, right-click on the USB drive then select Turn on BitLocker… from the pop-up menu. The BitLocker wizard launches and BitLocker prepares the USB drive for encryption.
