Table of Contents
Case: Windows Device Encryption vs BitLocker
Is there a distinction between what Windows refers to as 'Device Encryption' and BitLocker? I always thought they were the same thing, but according to this link, "if you don't have Device Encryption, you can probably use standard BitLocker encryption instead." Despite being a relatively recent laptop, my computer indicates it does not support Device Encryption.
What is Device Encryption? What’s the difference between Device Encryption and BitLocker? Why do some users not use BitLocker on their Windows, even if it may be a new computer?...
There is much confusion about Device Encryption and BitLocker, so, in this article, we’ll discuss all these problems and show you what to do when you find your PC doesn’t support BitLocker.
What is device encryption and BitLocker?
First, let’s learn more about these two security methods on Windows.
▌Device Encryption
Device Encryption is a security feature in Windows that encrypts your disk and safeguards your data. Once enabled, only authorized users may access your device and data. If your laptop or gadget is lost or stolen, it will secure your data from unwanted access.
When you lose your laptop, no one else can access the data on your system and secondary disks except you, who has the password. The data is all confused. Device Encryption is enabled by default on all Windows devices.
Windows 11 Home and Pro provide automated device encryption, which is more efficient and faster than BitLocker encryption.
▌BitLocker
BitLocker is a more feature-rich and customizable encryption tool available in specific Windows editions. BitLocker is a full-device encryption technology with management features that is included with Windows 11/10 Pro, Enterprise, and Education editions. You will not find it on your PC if you are using Windows 11/10 Home Edition.
It is incorporated into Windows OS to provide total data security in drives via encryption. You may activate it for certain drives or all drives on your computer.
▌Differences between Device Encryption and BitLocker
1. Encryption
BitLocker encryption combines full-drive encryption with administration options for your protected devices. You may use BitLocker to encrypt systemdrive or the entire disk, including internal and external drives. Meanwhile, you will be provided with a set of administration tools to let you customize the security features and secure your data.
Device encryption cannot safeguard a single disk, but rather your entire system as well as supplementary drives. When Device encryption is enabled, you cannot exclude a disk or partition.
2. Availability
BitLocker is compatible with Windows 10, Windows Server 2016 and later, and Windows 11. BitLocker, on the other hand, is not featured in the Windows 11/10 Home version.
Device encryption is available on all Windows operating systems; however, there are specific hardware requirements for your PC (We’ll list the requirements of two tools later).
3. Usage
It is recommended that you configure BitLocker encryption via Group Policy and back up your BitLocker recovery key as directed. A Microsoft account and an active TPM are necessary.
▌Hardware requirements of BitLocker and Device Encryption
▶ BitLocker encryption
The BIOS or UEFI firmware on your computer must be Trusted Computing Group (TCG) compliant and have Trusted Platform Module (TPM) 1.2 or later.
The disk you want to encrypt must be partitioned into at least two drives, including the operating system drive and the system drive.
▶ Device encryption
Your PC has a TPM (Trusted Platform Module), be it a TPM 1.2 or a TPM 2.0.
UEFI Secure Boot and Platform Secure Boot are enabled on your PC.
Direct memory access (DMA) protection should beturned on.
How to turn on Device Encryption and BitLocker?
If your computer reaches all the requirements of these two tools, now, we’ll show you how to use them. Just as the above content shows, Windows Home users could only choose Device Encryption. So, you can check what version of your Windows, and then you can choose your way to encrypt.
To check your Windows version: Start button > System > About. Open About settings
Under Device specifications > System type, see if you're running a 32-bit or 64-bit version of Windows. And under Windows specifications, check which edition and version of Windows your device is running.
1. Turn on Device Encryption on Windows 11/10 Home
Step 1. Sign in to Windows with an administrator account (you may have to sign out and back in to switch accounts). For more info, see Create a local or administrator account in Windows.
Step 2. Select the Start button, then select Settings > Update & Security > Device encryption.
Step 3. If device encryption is turned off, select Turn on.
2. Turn on BitLocker
If you’re using Windows 11/10 version that supports BitLocker, like Win 11/10 Pro, you can choose a drive you want to lock by turning on BitLocker
Tip: Sign in to your Windows device with an administrator account, you may have to sign out and back in to switch accounts.
Step 1. In the search box on the taskbar, type Manage BitLocker and then select it from the list of results. Or, select Start > Settings > Privacy & security > Device encryption > BitLocker drive encryption.
Step 2. Select Turn on BitLocker. You can choose the target drive to turn on BitLocker. Then follow the instructions.
During the process, you can choose how to back up your key. We suggest you save your key in a way you’re sure it’s reliable.
Does Windows 11Home have BitLocker?
After the above reading, you must know the answer. Windows 11 Home doesn’t support BitLocker.
But, Can’t Windows 11Home users use BitLocker to protect their privacy? Well, if you need to BitLocker encrypt drives on a Windows Home PC, the built-in tool is not your only choice. Then, how to turn on BitLocker on Windows 11 Home?
In this spot, we suggest you choose third-party software. AOMEI Partition Assistant Professional is your best partner to help you. The "BitLocker" function in this tool allows Windows Home users to BitLocker their drives, disks, and external devices. Even on Windows 7, you can easily BitLocker encrypt the target drives. What's more, to prevent key loss, you can save the key on another drive as a file orprint it.
Free DownloadWindows 11/10/8.1/8/7
100% Secure
Now, let's see how to use this handy tool to easily employ BitLocker on Windows.
Step 1. Install and launch AOMEI Partition Assistant. Click the "Tools" main tab and select "BitLocker".
Or, right-click the partition you want to encrypt and click the "BitLocker"->"Turn on BitLocker" option in the Context Menu.
Step 2. All drives on the system will be displayed, including operating system drives, fixed data drives, and removable drives. Please find the partition you would like to encrypt BitLocker and click the "Turn on BitLocker" option. (Here, we take the drive D: as an example.)
Tip: Currently, it only supports encrypting NTFS partitions. Other partition file systems, for example, FAT or FAT32 cannot be encrypted.
Step 3. Please set and confirm a password to encrypt the drive and click "Next".
📌 Notes:
1. Encrypt used disk space only (faster and best for new PCs and Drives): If you are setting up BitLocker on a new PC or a new drive, you only need to encrypt the part of the drive that is currently being used. And, BitLocker will automatically encrypt the newly-added data.
2. Disk encryption compatible mode (suitable for removable data drives): Windows 10 (version 1511) introduces a new disk encryption mode (XTS-AES). This mode provides heavy integrity support but is not compatible with earlier versions of Windows.
If this is a removable drive to be used on an earlier version of Windows, you should select Compatible mode.
If this is a fixed drive, or if this drive will only be used on devices running at least Windows 10 (version 1511) or later, select the new encryption mode.
Step 4. Select a way to back up your recovery key. You can either select "Save to a file" or "Print the recovery key".
If you select "Save to a file", please choose a location on your PC to save the recovery key.
Tip: Please do not save the recovery key in the encrypted drive path. For example, it is unable to encrypt D: and save the recovery key on the same D: drive.
It will generate a TXT file with the name: Bitlocker Recovery Key + 45-bit Key. The recovery file will be saved in the TXT file. You can open the file to view the recovery key. Please keep the file. Then, please click the "Next" button to start the encryption process.
If you would like to encrypt your current system drive, you will be asked to restart your PC into Windows PE mode to execute the operation because it is the current system drive. The program will first create Windows PE and then boot the PC into Windows PE mode to encrypt the drive. After the encryption is finished, you can restart your PC.
Tip: AOMEI Partition Assistant will automatically detect whether your system has installed Windows AIK/ADK or not. If yes, it will start the Windows PE creation and then enter into WinPE to encrypt the drive. If not, please download and install Windows AIK/ADK first.
Step 5. The encryption process might take time to encrypt the drive. Before the process is finished, please do not terminate the program, remove the drive, or turn off the power.
Once the encryption process is finished, please click "Completed". Finally, the drive is BitLocker encrypted.
Final lines
What's your choice after you read " Windows Device Encryption VS BitLocker"? BitLocker has better encryption but the built-in tool doesn't allow Windows Home users to use it. So, if you need it, AOMEI Partition Assistant is a great alternative for you. Besides the BitLocker alternative, it's all-in-one disk management for Windows users.
You can clone disk, move installed apps to another drive, clean junk files, convert file system between NTFS and FAT 32, convert disk to MBR/GPT without cleaning data, and so on. With its help, you can easily be an expert on your PC and manage your devices orderly.
