Privacy and Security Turn On BitLocker for Fixed Data Drive in Windows 11

  • Staff

This tutorial will show you how to turn on BitLocker to encrypt a fixed data drive in Windows 11.

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

New files are automatically encrypted when you save them to a drive encrypted by BitLocker. However, if you copy these files to another drive or a different PC not encrypted by BitLocker, the files are automatically decrypted.

You can choose to unlock BitLocker for a fixed data drive automatically if BitLocker is turned on for OS drive, or with a password or smart card.

You must be signed in as an administrator to turn on BitLocker Drive Encryption for a fixed data drive.

BitLocker Drive Encryption is only available in the Windows 11 Pro, Enterprise, and Education editions.

EXAMPLE: BitLocker turned on for fixed data drive in File Explorer > This PC, and if you choose to unlock fixed data drive with password


Here's How:

1 If you like, set a default encryption method (XTS-AES or AES-CBC) and cipher strength (128 bit or 256 bit) you want used by BitLocker.

BitLocker Drive Encryption uses AES-CBC 128 bit by default for fixed data drives.

XTS-AES 256 bit offers the strongest encryption strength available for BitLocker.

2 Right click or press and hold on the fixed data drive (ex: "E") you want to encrypt with BitLocker, and click/tap on Turn on BitLocker. (see screenshot below)


3 Check password, smart card, and/or automatically for you want to unlock the fixed data drive. (see screenshot below)

A password requires at least 8 characters.

Automatically unlock this drive on this computer will only be available if you turned on BitLocker for the operating system drive.


4 Select Microsoft account, USB, file, and/or print for how you want to back up your BitLocker recovery key for this fixed data drive. (see screenshot below)

Microsoft account = This option is only available if you are signed in to Windows 11 with a Microsoft account. It will save the BitLocker recovery key to your Microsoft account online at

USB flash drive = This option will save the BitLocker recovery key to a selected USB flash drive.

File = This option will save the BitLocker recovery key to a TXT file at a folder location you select.

Print = This option will print the BitLocker recovery key to the selected printer.


5 When finished backing up your BitLocker recovery key where you want, click/tap on Next. (see screenshot below)


6 Select (dot) Encrypt used disk space only or Encrypt entire drive for how much of your drive to encrypt right now, and click/tap on Next. (see screenshot below)

It is recommended to select Encrypt entire drive.


7 Select (dot) which encryption mode to use, and click/tap on Next. (see screenshot below)

If you did step 1 above to set a default encryption method and cipher strength, then you will not have this setting available since BitLocker will use what you set in step 1 instead.

New encryption mode (XTS-AES 128-bit) = Select this mode if this is a fixed drive or if this drive will only be used on devices running Windows 10 or Windows 11.

Compatible mode (AES-CBC 128-bit) = Select this mode if this is a removable drive that you're going to use on an older version of Windows (ex: Vista, Windows 7, or Windows 8/8.1).


8 Click/tap on Start encrypting when ready. (see screenshot below)


9 The fixed data drive will now start encrypting. (see screenshot below)

This could take a long time to finish depending on the size of the drive and how much data on the drive is being encrypted.


10 When encryption has finished, click/tap on Close. (see screenshot below)


That's it,
Shawn Brink



  • BitLocker_drive.png
    5.3 KB · Views: 126
Last edited:
Top Bottom