HSC Students - Turn on BitLocker Encryption - Windows 10 Professional and 10 Education

Important Notes regarding BitLocker

• Store your personal BitLocker key in a secure location and always accessible location (not your OUHSC account). When turning on BitLocker you will be presented with a BitLocker key. OU IT is not able to access your personal BitLocker key. 
• Back up your personal data to an alternate location.
• Your device will need to be re-imaged if you forget your personal BitLocker key. OU IT is not responsible for lost data as a result of re-imaging or forgetting the BitLocker key.

Before you can turn on BitLocker encryption for Windows, you will need to verify a few things.

• Your computer must have at least the following hardware specifications:
  • Processor: Intel i5 or better
  • Memory: 8GB RAM or better
  • Storage: 256GB Hard Drive (Solid State)
  • Screen size: 13" or higher
  • Connectivity: WiFi and Bluetooth
  • Expansion: USB 3 or higher
• You have backed up your data to an external device.
• Your computer is running Windows 10 Education, Windows 10 Pro, Windows 11 Education or Windows 11 Pro.
• If your computer is running one of the supported Windows systems, proceed below:

Update Your Computer

1. Click the Windows start button and then click “Settings” (gear icon).
   

2. Click “System” (upper left corner).
   

3. Scroll down on the left side; click “About.” scroll down on the right to “Windows specifications” and verify you’re on Windows 10 Education, Windows 10 Professional, Windows 11 Education or Windows 11 Professional.
   

4. Click “Settings” in the upper left corner.
   

5. For Windows 10, click “Updates & Security”. For Windows 11, click Windows Update.
   

6. Click “Advanced options”.
   

7. Under “Update options,” turn ON updates for other Microsoft products. Under “Update notifications,” turn ON notifications for restarts (in some versions of Windows 10, notifications and options have merged to “Update Options”).
   

8. Click “Settings” in the upper left corner.
   
    

9. You should be on the “Windows Update” window. Click “Check for updates”.
   

10. Updates will install and Windows will probably need to restart.
    

11. Once Windows restarts, sign back in.

12. Click the Windows start button; click “Settings” (gear icon).
    

13. For Windows 10, click “Updates & Security”. For Windows 11, click Windows Update.
    

14. Click “Check for updates”.
    

15. Repeat the above update steps until the message states, “You’re up to date”.

16. Close “Settings.”

17. Click the Windows Start button; type bitlocker and then press the Enter key.
    

18. In the Bitlocker Drive Encryption window, click “Turn on Bitlocker.”
    

19. As Bitlocker prepares to encrypt your hard drive, you will be asked how you want to back up the recovery key. Your recovery key is very very very important. It is a 48-digit key that helps you unlock your device if you ever get locked out with a blue Bitlocker screen. Please slow down on this step and make sure you save a copy of your 48-digit Bitlocker Recovery Key before continuing. Store your personal BitLocker key in a secure location and always accessible location (NOT your OUHSC account). When turning on BitLocker you will be presented with a BitLocker key. OU IT is not able to access your personal BitLocker key. Your device will need to be factory reset if you forget your personal BitLocker key. OU IT is not responsible for lost data as a result of factory resets or forgetting the BitLocker key.

    Here is what you will see after you do Step 18 above:

20. Pick one (1) of these options to save/store your Bitlocker Recovery Key: a) In your personal Microsoft account, b) on a printout, or c) on a USB flash drive.

21. After the recovery key has been saved, you’ll be back at the previous window, click “Next.”
    

22. When asked to choose how much of your drive to encrypt, select “Encrypt used disk space only” and click “Next.”
    

23. When asked to choose an encryption mode, select “New encryption mode” and click “Next.”
    

24. When asked if you’re ready to encrypt your drive, select “Run Bitlocker system check” and click “Continue.”
    

25. When the check has finished, and Windows is ready to encrypt the hard drive, you’ll see a notification in the lower right corner stating you’ll need to restart the computer (If the message goes away, click on the up arrow, click on the little lock with a caution sign to see the message). Click on the message.
    

26. Click “Restart now.”
    

27. Once Windows restarts, sign back in.

28. Click on the up arrow on the lower right side of the system tray and click the little lock.
    

29. You’ll see a progress bar of how much the drive has been encrypted.
    

30. You’ll see a message stating that your computer’s hard drive has been encrypted. Click “Close.”
    

Next Steps - Install and Configure Sassafras

With BitLocker now configured and active, you will need to set up and register your computer with the Sassafras encryption monitoring client.