Work Smart: Protecting Data with Windows 8

BitLocker
Get Started

About Protecting Data with Windows 8

BitLocker
Microsoft BitLocker Drive Encryption technology uses the
strongest publicly available encryption to protect your computers
data, and prevents others from accessing your disk drives without
authorization.
BitLocker To Go prevents unauthorized access to your portable
storage drives, including Universal Serial Bus (USB) flash drives, also
known as thumb drives.
When you install Windows 8, you can use the Setup program to
enable BitLocker. If you didnt enable BitLocker when you installed
Windows 8, you can use this guide to walk you through the process.
You can also use this guide to learn how to suspend BitLocker or
encrypt portable drives with BitLocker To Go.
Topics in this guide include:

Preparing to Turn BitLocker On

Backing Up Files

Turning BitLocker On

Suspending BitLocker Protection

Encrypting a Portable Drive with BitLocker To Go

Managing BitLocker To Go
Customization note: This document contains guidance and/or step-by-step installation instructions that can be reused, customized, or
deleted entirely if they do not apply to your organizations environment or installation scenarios. The text marked in red indicates either
customization guidance or organization-specific variables. All of the red text in this document should either be deleted or replaced prior to

More Work Smart Content: http://microsoft.com/itshowcase

This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION
IN THIS DOCUMENT. 2012 Microsoft Corporation. All rights reserved.

Page 1 of 10

Work Smart: Protecting Data with Windows 8

BitLocker
Get Started

distribution.

Preparing to Turn BitLocker On

All new systems that <<organization name>> provides are ready for BitLocker Drive Encryption. However, before you turn BitLocker on,
connect to the corporate network and join your computer to a corporate domain (if it isnt already joined). When your computer is joined to the
corporate domain, you can store your recovery information in << local storage URL>>. You can use this recovery information in the event of a
random failure or operating-system or BIOS change.

Backing Up Files
<<Organization name>> IT provides several solutions for backing up your data. Before enabling BitLocker on your computer, see the Backing
Up Your Data Work Smart Guide: << insert URL or file location >>.

Turning BitLocker On
After you join your computer to the corporate network and connect to the corporate domain, you can turn BitLocker on. BitLocker then turns on
your computers Trusted Platform Module (TPM) chip, which is a microchip that enables your computer to utilize advanced security features.
Initially, when you start BitLocker, you can create a personal identification number (PIN) that you can use each time you start your computer.
This additional protection is optional, but IT requires it if you want to use DirectAccess for remote access.

Note If youre using a Slate PC, you are not required to create a PIN.

Turn BitLocker On
1

In the Start screen, type Control Panel, and then tap or click the Control Panel app on the left side of the screen (or press
ENTER) to open it.

In the Control Panel, tap or click System and Security, and then tap or click BitLocker Drive Encryption.

In the BitLocker Drive Encryption dialog box, tap or click Turn on BitLocker.

More Work Smart Content: http://microsoft.com/itshowcase

This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION
IN THIS DOCUMENT. 2012 Microsoft Corporation. All rights reserved.

Page 2 of 10

Work Smart: Protecting Data with Windows 8

BitLocker
Get Started

Note
If the Trusted Platform Module (TPM) chip on your computer hasnt been turned on, you may see additional screens that walk you
through the process of turning on the TPM chip.

In the Choose how to unlock your drive at startup screen, tap or click Enter a PIN (recommended). A PIN is required if you want
to use DirectAccess as a remote access solution.

In the Enter a PIN screen, enter a PIN, re-enter it to confirm it, and then tap or click Set PIN.

In the How do you want to back up your recovery key? screen, tap or click Save to a file.

More Work Smart Content: http://microsoft.com/itshowcase

This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION
IN THIS DOCUMENT. 2012 Microsoft Corporation. All rights reserved.

Page 3 of 10

Work Smart: Protecting Data with Windows 8

BitLocker
Get Started

In the Save BitLocker recovery key as dialog box, enter <<network storage path or URL>> in the path box. After selecting the
correct folder or storage location, tap or click Save, and then tap or click Next in the How do you want to back up your recovery
key? dialog box.

In the Choose how much of your drive to encrypt screen, pick one of the options, and then tap or click Next.

Note
IT recommends that you choose the Encrypt used disk space only option for fast encryption. There is no risk of data loss.

In the Are you ready to encrypt this drive? screen, tap or click Continue.

10

When youre prompted to restart your computer, tap or click Restart now.

11

After your computer restarts, enter your BitLocker PIN, and then press ENTER.

12

Slide the Windows 8 Lock screen up, and then log on using your network password.

13

Open the Control Panel, tap or click System and Security, and then tap or click BitLocker Drive Encryption.
The BitLocker Drive Encryption dialog box shows that BitLocker is turned on (the command changes to Turn off BitLocker).

Notes

You can continue to use your computer during the encryption process.

After BitLocker is enabled, each time that you attempt to log on to your computer, you will need to enter your BitLocker PIN before
Windows starts. If you have any issues accessing your computer, contact << helpdesk contact or technical support URL>>.

If youre using a Slate PC, you are not required to create a PIN.

More Work Smart Content: http://microsoft.com/itshowcase

This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION
IN THIS DOCUMENT. 2012 Microsoft Corporation. All rights reserved.

Page 4 of 10

Work Smart: Protecting Data with Windows 8

BitLocker
Get Started

Suspending BitLocker Protection

On occasion, you may need to suspend BitLocker. For example, you might need to do a hardware upgrade or basic input/output system (BIOS)
updates. When you suspend BitLocker, Windows disables protection on your system. You wont need to enter your PIN to start your computer,
but your data will be unprotected.
You can perform all updates and system changes by suspending BitLocker protection. You typically do not need to turn BitLocker off for any
reason other than to decrypt your drive.

Suspend BitLocker
1

Open the Control Panel, and then tap or click System and Security.

Tap or click BitLocker Drive Encryption, and then tap or click Suspend protection. When prompted to confirm, tap or click Yes.

Note
After one reboot, BitLocker is automatically turned on again.

Resume BitLocker
1

Open the Control Panel, and then tap or click System and Security.

Tap or click BitLocker Drive Encryption, and then tap or click Resume protection.

More Work Smart Content: http://microsoft.com/itshowcase

This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION
IN THIS DOCUMENT. 2012 Microsoft Corporation. All rights reserved.

Page 5 of 10

Work Smart: Protecting Data with Windows 8

BitLocker
Get Started

Decrypt Your Drive

1

Open the Control Panel, and then tap or click System and Security.

Tap or click BitLocker Drive Encryption, and then tap or click Turn off BitLocker.

You can continue to use your computer during the decryption process.

Encrypting a Portable Drive with

BitLocker To Go
When you encrypt a portable drive with BitLocker To Go, you can set it to unlock by using a password or your smart card.
Password encryption requires that you enter an 8-character password during the setup process. IT recommends a xx-character password to
minimize the risk of someone reading or modifying data on a lost or stolen device. This password does not expire. You will not need to reset or
change the password unless you want to. You can also use the auto-unlock feature to avoid having to enter a password each time you use the
portable drive. For more information, see Managing BitLocker To Go later in this guide.
Smart card encryption is more secure and requires additional steps. To use smart card encryption, you encrypt the device using your smart card
and a PIN. You can only share this information with someone who has a smart card reader, and you must insert your smart card and enter your
PIN to unlock the portable drive.

More Work Smart Content: http://microsoft.com/itshowcase

This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION
IN THIS DOCUMENT. 2012 Microsoft Corporation. All rights reserved.

Page 6 of 10

Work Smart: Protecting Data with Windows 8

BitLocker
Get Started

To turn on BitLocker To Go:

Connect to the corporate network.

Open the Control Panel, tap or click System and Security, and then tap or click BitLocker Drive Encryption.

If you havent already done so, insert the portable drive (USB drive, SC card, SD/MMC card, etc.) into the appropriate slot. The portable
drive will appear in the BitLocker Drive Encryption dialog box in the Removable data drives section.

Tap or click Turn on BitLocker.

In the Choose how you want to unlock this drive screen, select one of the following options.

If you want to use a password to unlock the drive, select the Use a password to unlock the drive check box, enter
your password twice, and then tap or click Next.

If you want to use a smart card to unlock the drive instead, select the Use my smart card to unlock the drive check
box, insert your smart card, and then tap or click Next.

More Work Smart Content: http://microsoft.com/itshowcase

This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION
IN THIS DOCUMENT. 2012 Microsoft Corporation. All rights reserved.

Page 7 of 10

Work Smart: Protecting Data with Windows 8

BitLocker
Get Started

In the How do you want to back up your recovery key? screen, tap or click Save to a file.

In the Save BitLocker recovery key as dialog box, enter <<network storage path or URL>> in the path box.

Tip
BitLocker suggests a filename to use. You can edit this filename to distinguish it from any other recovery keys that you may acquire for
additional portable drives.

In the How do you want to store your recovery key screen, Windows shows that your recovery key has been saved. Tap or click

More Work Smart Content: http://microsoft.com/itshowcase

This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION
IN THIS DOCUMENT. 2012 Microsoft Corporation. All rights reserved.

Page 8 of 10

Work Smart: Protecting Data with Windows 8

BitLocker
Get Started

Next.

In the Choose how much of your drive to encrypt screen, tap or click one of the options, and then tap or click Next.

Note
IT recommends choosing the Encrypt used disk space only option for fast encryption. There is no risk of data loss.

In the Are you ready to encrypt this drive? screen, tap or click Start encrypting.
An encryption progress dialog box will appear, followed eventually by a completion notice. If you remove the portable drive and then
reinsert it, you will be prompted for a password if you chose password protection. If you chose smart card protection, you will need to
insert your smart card in your smart card reader and enter your smart card PIN.

Notes

The time required to encrypt a portable drive with BitLocker To Go varies depending on the drive size, your connection speed,
and the technology you use, such as External Serial Advanced Technology (eSATA), FireWire, USB, or USB 2.0. You can continue to use
your computer during the encryption process.

Each time you attempt to use the drive, you will need to enter the password or smart card unless you set up BitLocker To Go to
unlock the drive automatically. If you have any issues accessing your drive, contact << helpdesk contact or technical support URL>>.

If you want to change the password for a portable drive or change the auto-unlock feature, see the Managing BitLocker To Go
section of this guide.

>>.

All recovery keys are stored in Active Directory and can be obtained via the self-help process in << insert URL or file location

Managing BitLocker To Go
After you encrypt a portable drive, you may want to back up or print a recovery key, change a password, remove a password, add a smart card
to unlock the drive, enable or disable the auto-unlock feature, or turn BitLocker off.
To do any of these tasks:

Open the Control Panel, tap or click System and Security, and then tap or click BitLocker Drive Encryption.

In the BitLocker Drive Encryption dialog box, select the appropriate BitLocker option.

More Work Smart Content: http://microsoft.com/itshowcase

This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION
IN THIS DOCUMENT. 2012 Microsoft Corporation. All rights reserved.

Page 9 of 10

Work Smart: Protecting Data with Windows 8

BitLocker
Get Started

Note
To print this Work Smart Guide, press CTRL+P.

For More Information

Windows 8
http://windows.microsoft.com/en-US/windows-8/get-started

Microsoft User Experience Virtualization (UE-V)

http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/virtualization/UE-V.aspxl

More Work Smart Content: http://microsoft.com/itshowcase

This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION
IN THIS DOCUMENT. 2012 Microsoft Corporation. All rights reserved.

Page 10 of 10