Article Number: 000124701
This article provides information about automatic and manual Device Encryption for Dell Systems.
Table of Contents:
Windows device encryption is a security feature in Microsoft Windows that helps protect your data by encrypting the system drive. If device encryption is enabled, only authorized individuals can access your device and data.
System Requirements
Devices that support encryption meet multiple hardware and software requirements :
You can check Windows System Information to see if the system supports device encryption: Type System Information into the search box on the taskbar. In the results list, right-click on System Information and select Run as administrator. Scroll down to Device Encryption Support. If the system supports device encryption it shows Meets prerequisites.
Automatic Device Encryption
Automatic device encryption allows Windows to encrypt the system drive automatically after you completed the setup of your system. This occurs similar to smartphones and is seamless for the user. Automatic device encryption is only enabled on systems that meet above system requirements and support Connected Standby or Modern Standby specifications . These require solid-state storage (SSD or eMMC) and nonremovable (soldered) RAM.
Automatic device encryption only starts after the Out-Of-Box Experience (OOBE) is completed and a Microsoft Account (MSA) is used on the system (e.g. use MSA for Windows login, add MSA as email, app, and work or school account, log in to the Microsoft Store app with MSA, redeem or activate Microsoft Office or other Microsoft applications with MSA).
Windows Device Encryption/BitLocker can also be enabled manually:
Click the Start button, select Settings > Update & Security > Device Encryption. If device encryption is turned off, click select Turn on.
You are prompted to back up your recovery key. Dell recommends saving the recovery key to USB drive and not to the system drive.
If Device Encryption is not shown, the system may not meet device encryption requirements. Verify that the System Requirements are met.
Back to TopBefore making a change that might trigger a BitLocker Recovery Key, ensure that a recovery key was safely backed up before activating BitLocker protection. Make sure any backed-up recovery key is accessible from another system if a motherboard replacement is required on your system.
There are several places that your recovery key may be found, depending on the choice that was made when activating BitLocker:
Device encryption should be suspended before the system is serviced either onsite or returned to a service center. The device encryption must be suspended before flashing the system BIOS and when a motherboard or system drive replacement is expected.
Windows 10 Home | Windows 10 Pro |
---|---|
Right-click the Start button, and select Windows. PowerShell (Admin) |
Select Control Panel > System and Security > BitLocker Drive Encryption |
Type: manage-bde -protectors -disable C: | Select Suspend Protection on drive C |
![]() |
![]() |
Difference Between Suspending and Disabling Encryption
Suspension provides a quick option to temporarily disable the protection on the system drive for servicing. The process only takes a few seconds to complete and ensures that the drive content is still protected from unauthorized access yet allows system repair/maintenance to take place.
Decryption permanently removes the protection and makes the content accessible to anybody who can access the drive. Also, decrypting a drive is time consuming: Microsoft estimates that it takes approximately 1 minute per 500 MB of drive space. The device decryption should only be used prior to restoring a Windows image.
Back to TopSome servicing scenarios will require a recovery key to regain access to Windows after the repair was finished.
The recovery key is automatically saved to your Microsoft Account (MSA) when the device is encrypted and can be retrieved from https://account.microsoft.com/devices/recoverykey . It is good practice to verify that the recovery key is listed in your account before servicing the system.
If you do not see your device that is listed, check if Device Encryption is enabled on the device, and refer to: Find my BitLocker recovery key.
Additional information:
Back to TopThere are several options to verify the device encryption status in Microsoft Windows:
Additional information is available on Microsoft’s support portal.
There is no hardware fault with the system and this error is the normal result of attempting an image restore on an encrypted drive.
The error can be resolved by disabling Microsoft BitLocker before attempting to restore the factory image.
If you cannot enter Windows to decrypt the drive, a Windows Reinstall will need to take place.
If you have further questions about this article, contact Dell Technical Support.
Back to TopSecurity, Software
21 Feb 2021
3
Solution