Turn On or Off Device Encryption on Windows 11

You will learn how to turn on or off device encryption. Besides, you can password protect your data without a Microsoft passport key.

By @Ivy Last Updated May 9, 2024

Overview of device encryption

Device encryption is a process of encrypting data using one or more mathematical techniques and helps you protect your data against unauthorized access and prying eyes or being stolen. 

And it is available in a wide range of modern security systems on Windows computers, but not all the Windows 11 editions. If you want to use it, your computer needs to meet the following requirements. If it is not available on your device, you could consider using the standard Bitlocker.

  • TPM 2.0 with support for Modern Standby.
  • TPM must be enabled on UEFI/BIOS mode.

After encrypted, only authorized people can access your data on this device. However, Microsoft will not tell you a passport directly as some experts believe the key will be stored in your account. As a result, your data will be lost when the system crashes or disk is corrupted.

So you can choose to turn on device encryption to protect data safely or turn off device encryption to ensure you will not suddenly lose data. And it's not possible to decrypt data without a key, but you can at least stop Microsoft’s Auto-Encryption process in Windows 11 to ensure that your data is recoverable in times of system failure. 

How do I know if my computer supports Device encryption? 

Although I have previously described the requirements for Device encryption, you may still not know if your computer support Device encryption. If so, please follow the steps below.

Step 1. Type system information in the search box, select the top result and Run as administrator. 

Step 2. In the System Information window, select System Summary at the left.

Step 3. Go to the right side, find out the Device Encryption Support item and check its Status.

>> If it shows Meet prerequisites, your computer support Device encryption. 

>> If it shows Reason for failed device encryption, your PC doesn’t support device encryption. In this case, you could consider using Bitlocker as instead (except for Windows 11 Home edition). 

How to turn on or off  Device encryption in Windows 11

As I said before, you can choose to turn on or off Device encryption, depending on your purpose. It is applicable to Windows 11 Home, Professional, Enterprise, and Education. Here I'll show you both of them. 

Step 1. Go to the Device encryption window. 

  • Press Win + I to open Settings and select Privacy & Security.
  • Click on Device Encryption on the right panel. 

Step 2. Slide the Off button next to Device encryption and it will start to encrypt your device until completed. 

After completion, the switch becomes On. To disable device encryption in Windows 11, slide this button and then you will be told your files won't be protected, click Turn off

Helpful Tip

You cannot decrypt your data without a recovery key. Thus, please backup the Bitlocker recovery key after you enable Device encryption in Windows 11.

  • Open the Device encryption window.
  • Scroll down to the Related section and click Bitlocker drive encryption.   
  • Go to the Operating system drive section, and click Back up your recovery key. Then, select Save to a file.
  • Select external drive to save this file and click Save

How to turn on or off Bitlocker Device encryption in Windows 11

If the Device encryption is not showing in the previous method, then your computer does not support it. In this case, you can choose to encrypt data with Bitlocker. It uses Advanced Encryption Standard (AES) encryption algorithm with 128 or 256 bit keys for data encryption in the entire drive or only used space of it. And it still requires a BitLocker password or recovery key for decryption. 

There are two types 2 encryption types you can use in Windows 11:

BitLocker Drive Encryption: It is used to encrypt the system drive with a BitLocker password or key and you need to input it every time at startup, otherwise, you cannot access the Windows and data on it.
BitLocker To Go: It is to encrypt external drives, such as, USB flash drives and external hard drive. Similarly, you will be asked to enter the password or key to unlock the device before you can access it on a computer. And it can be unlocked on any Windows or macOS computer. 

Then, see below and learn to enable or disable Bitlocker device encryption.

Step 1. Open Bitlocker drive encryption window, you have 2 ways in the following. 

#1: Through Bitlocker Manager. Type Manage BitLocker in the search box and then click Open at the right panel. 

#2: Through Windows Settings. Open Settings and click System, then navigate to About and click BitLocker settings.

Step 2. In the Bitlocker Drive Encryption window, go to the Operating system drive and click Turn On BitLocker. To disable it, click Turn On Off BitLocker.

Besides, you can still turn on or off BitLocker using command prompt. Press cmd in the search box and click Run as administrator. Here take C: as the drive you want to unlock: 

To enable Bitlocker encryption, type manage-bde -on C: and hit Enter. 

To disable Bitlocker encryption, type manage-bde -off C: and hit Enter. 

Flexible way to password protect your data 

Device encryption and Bitlocker device encryption are indeed helpful for data security, but they may result in irrevocable data loss when the system crashes or the disk is corrupted. So what can we do to protect data and be sure it's recoverable in the event of a system failure?

You consider using a reliable file backup software - AOMEI Backupper ProfessionalUnlike the built-in encryption methods, it allows you to backup files and encrypts only the backed up files. And you customize a password that you can easily remember. No one knows it unless you tell them. And you can enjoy the following advantages:

Password protect files or folders automaticaly, you can use daily, weekly, monthly, event triggers or USB plug in feature.
Backup only changed files with incremental backup or different backup. 
Always keep enough space for new backups by deleting old backup images with one of the automatic backup cleanup methods. It's the most thorough way to resolve the backup disk full issue. 
Backup files without booting into Windows: It allows you to create bootable media or recovery environment. Both of them helps you boot the computer and backup files in the recovery environment if you want. 

To get started, please download this software now! It supports Windows 11/10/8.1/8/7/XP and Vista. For server users, try AOMEI Backupper Server.

Download Free trialWin 11/10/8.1/8/7/XP
Secure Download
PS: The free trial version can only be used within 30 days and if you want to continue using it backup files, it's suggested to upgrade pro trial version. And this page provides users with a 10% discount. 

Step 1. Launch AOMEI Backupper Professional and click Backup > File Backup.

Step 2. Click Add File or Add Folder to select the files you want to backup. Then, choose a destination path to store your files. 

Step 3. To encrypt your files, click Options and click Enable encryption for backups. Now you can type your password and confirm it once again.

Step 4. Confirm all your settings and click Start Backup to run the operation.

 Since single backup only backup files are currently on the disk not including changes made later. Thus, it's suggested to enable schedule backup and backup scheme. The previous one helps you backup files automatically while the last is to manage disk space.

For schedule backup, you have 5 options, including Daily, Weekly, MonthlyEvent Triggers, and USB plug in features. And the last one is strongly recommended if you backup files to an external hard drive but don't want to keep it always connected.  

For backup scheme, you can choose the backup and cleanup methods. Both incremental backup and differential backup help you backup only changed files and save disk space. But the previous backup method has higher requirement for file recovery.

How to backup files to AOMEI Cloud

As cloud storage is becoming more and more popular, AOMEI offers users its own cloud - AOMEI Cloud. After you sign up for an AOMEI account, you can use 1TB storage for free within 15 days. Just click Backup > Cloud Backup to backup files to AOMEI Cloud.

Conclusion

Device encryption and Bitlocker device encryption in Windows 11 help to protect your data, that sounds good, but in the event of a system problem, it can be a disaster if you don't have the password or recovery key. Thus, it's suggested to backup encrypt key immediately after encrypting files.

If you want one flexible method, try file backup software - AOMEI Backupper Professional. It not only passwords protect files, but makes it automatically and intelligently with help of multiple features, such as, incremental or differential backup, USB plug in, automatic backup cleanup, etc. All in all, it's worth trying software to protect data in the long-term!