Follow the next steps to enable Bitlocker:
- Enable BitLocker:
-
Open Control Panel.
-
Click the BitLocker Drive Encryption icon.
-
Click the Turn on BitLocker option.
-
Select the desired option to back up the recovery key.
-
Click the Next button. Select the desired method of encryption (used disk space only or the entire drive).
-
Click the Next button.
-
Select the desired encryption mode (new encryption or compatible).
-
Click the Next button.
-
If desired, check the Run BitLocker system check option.
-
Click the Start encrypting button.
- Enable the pre-boot PIN:
-
Open the Local Group Policy Editor (press the key combination Windows + R, type gpedit.msc and press Enter).
-
Go to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
-
Double-click the Require additional authentication at the startup option.
-
Select Enabled.
-
In the Options window, under Configure TPM startup PIN, select Require startup PIN with TPM.
-
Click the OK button.
-
Double-click the Enable use of BitLocker authentication requiring preboot keyboard input on the slates option.
-
Select Enabled.
-
Click the OK button.
The result should be as below.
-
Set the desired PIN:
-
Open a Command Prompt with administrator rights (in the search bar, type cmd, click and hold the Command Prompt icon and select Run as administrator). You must see Administrator: Command Prompt in the window title.
-
Type manage-bde -protectors -add c: -TPMAndPIN and press Enter.
-
Enter the desired PIN and press Enter.
-
Repeat the same PIN to confirm and press Enter.
-
The result should be as below.
