This article provides information on automatic and manual Device Encryption for Dell Systems.
Windows device encryption is a security feature in Microsoft Windows that helps protect your data by encrypting the system drive. If device encryption is enabled, only authorized individuals will be able to access your device and data.
Devices that support encryption meet multiple hardware and software requirements:
You can check Windows System Information to see if the system supports device encryption: Type System Information into the search box on the taskbar. In the results list, right-click on System Information and select Run as administrator. Scroll down to Device Encryption Support. If the system supports device encryption it will show Meets prerequisites.
Automatic device encryption allows Windows to encrypt the system drive automatically after you completed the setup of your system. This occurs very similar to smartphones and is completely seamless for the user. Automatic device encryption however is only enabled on systems that meet above system requirements and support Connected Standby or Modern Standby specifications, which require solid-state storage (SSD or eMMC) and non-removable (soldered) RAM.
Automatic device encryption only starts after the Out-Of-Box Experience (OOBE) is completed and a Microsoft Account (MSA) is used on the system (e.g. use MSA for Windows logon, add MSA as email, app and work/school account, log into the Microsoft Store app with MSA, redeem/activate Microsoft Office or other Microsoft applications with MSA).
Windows Device Encryption/BitLocker can also be enabled manually:
Click on the Start button, select Settings > Update & Security > Device Encryption. If device encryption is turned off, click select Turn on.
You will be prompted to back-up your recovery key. Dell recommends saving the recovery key to USB drive and not to the system drive.
If Device Encryption is not shown the system may not meet device encryption requirements. Verify the System Requirements are met.
Device encryption should be suspended before the system is serviced either onsite or returned to a service center. The device encryption must also be suspended prior to flashing the system BIOS and when a motherboard or system drive replacement is expected.
|Windows 10 Home||Windows 10 Pro|
|Right-click the Start button, and select Windows
|Select Control Panel > System and Security > BitLocker Drive Encryption|
|Type manage-bde -protectors -disable C:||Select Suspend Protection on drive C|
Suspension provides a quick option to temporarily disable the protection on the system drive for servicing. The process only takes a few seconds to complete and ensures that the drive content is still protected from unauthorized access yet allows system repair/maintenance to take place.
Decryption permanently removes the protection and makes the content accessible to anybody who can access the drive. Additionally, decrypting a drive is time consuming: Microsoft estimates that it takes approximately 1 minute per 500 MB of drive space. The device decryption should only be used prior to restoring a Windows image.
Some servicing scenarios will require a recovery key to regain access to Windows after the repair was finished.
The recovery key is automatically saved to your Microsoft Account (MSA) when the device is encrypted and can be retrieved from https://account.microsoft.com/devices/recoverykey. It is good practice to verify the recovery key is listed in your account before servicing the system.
If you don’t see your device listed, check if Device Encryption is enabled on the device, and refer to: Find my BitLocker recovery key
There are several options to verify the device encryption status in Microsoft Windows:
Additional information are available on Microsoft’s support portal
There is no hardware fault with the system and this error is the normal result of attempting an image restore on an encrypted drive.
The error can be easily resolved by disabling Microsoft BitLocker before attempting to restore the factory image.
If you are not able to enter Windows to deycrypt the drive, a Windows Reinstall will need to take place.
Article ID: SLN299056
Last Date Modified: 02/05/2019 12:38 PM
Thank you for your feedback.