More Work Smart Content:
This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS
DOCUMENT. © 2012 Microsoft Corporation. All rights reserved.

Page 1 of 7

Work Smart: Protecting Data with Windows 8 BitLocker
Get Started
About Protecting Data with Windows 8 BitLocker
Microsoft
®
BitLocker
®
Drive Encryption technology uses the strongest publicly
available encryption to protect your computer’s data, and prevents others from
accessing your disk drives without authorization.
BitLocker To Go
®
prevents unauthorized access to your portable storage
drives, including Universal Serial Bus (USB) flash drives, also known as “thumb
drives.”
When you install Windows 8, you can use the Setup program to enable
BitLocker. If you didn’t enable BitLocker when you installed Windows 8, you
can use this guide to walk you through the process. You can also use this
guide to learn how to suspend BitLocker or encrypt portable drives with
BitLocker To Go.
Topics in this guide include:

 Preparing to Turn BitLocker On
 Backing Up Files
 Turning BitLocker On
 Suspending BitLocker Protection
 Encrypting a Portable Drive with BitLocker To Go
 Managing BitLocker To Go
Customization note: This document contains guidance and/or step-by-step
installation instructions that can be reused, customized, or deleted entirely if
they do not apply to your organization’s environment or installation
scenarios. The text marked in red indicates either customization guidance or
organization-specific variables. All of the red text in this document should
either be deleted or replaced prior to distribution.
Preparing to Turn BitLocker On

All new systems that <<organization name>> provides are ready for
BitLocker Drive Encryption. However, before you turn BitLocker on, connect to
the corporate network and join your computer to a corporate domain (if it
isn’t already joined). When your computer is joined to the corporate domain,
you can store your recovery information in << local storage URL>>. You can
use this recovery information in the event of a random failure or operating-
system or BIOS change.
Backing Up Files

<<Organization name>> IT provides several solutions for backing up your
data. Before enabling BitLocker on your computer, see the Backing Up Your
Data Work Smart Guide: << insert URL or file location >>.
Turning BitLocker On

After you join your computer to the corporate network and connect to the
corporate domain, you can turn BitLocker on. BitLocker then turns on your

computer’s Trusted Platform Module (TPM) chip, which is a microchip that
enables your computer to utilize advanced security features.




More Work Smart Content:
This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS
DOCUMENT. © 2012 Microsoft Corporation. All rights reserved.

Page 2 of 7

Work Smart: Protecting Data with Windows 8 BitLocker
Get Started
Initially, when you start BitLocker, you can create a personal identification
number (PIN) that you can use each time you start your computer. This
additional protection is optional, but IT requires it if you want to use
DirectAccess
®
for remote access.
Note If you’re using a Slate PC, you are not required to create a PIN.
Turn BitLocker On
1
In the
Start
screen, type
Control Panel
, and then tap or click
the Control Panel app on the left side of the screen (or press
ENTER) to open it.


2 In the Control Panel, tap or click System and Security, and then tap
or click BitLocker Drive Encryption.
3 In the BitLocker Drive Encryption dialog box, tap or click Turn on
BitLocker.

Note
If the Trusted Platform Module (TPM) chip on your computer hasn’t
been turned on, you may see additional screens that walk you
through the process of turning on the TPM chip.
4 In the Choose how to unlock your drive at startup screen, tap or
click Enter a PIN (recommended). A PIN is required if you want to
use DirectAccess as a remote access solution.

5 In the Enter a PIN screen, enter a PIN, re-enter it to confirm it, and
then tap or click Set PIN.
6 In the How do you want to back up your recovery key? screen, tap
or click Save to a file.




More Work Smart Content:
This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS
DOCUMENT. © 2012 Microsoft Corporation. All rights reserved.

Page 3 of 7

Work Smart: Protecting Data with Windows 8 BitLocker
Get Started

7 In the Save BitLocker recovery key as dialog box, enter <<network
storage path or URL>> in the path box. After selecting the correct
folder or storage location, tap or click Save, and then tap or click
Next in the How do you want to back up your recovery key?
dialog box.
8 In the Choose how much of your drive to encrypt screen, pick one
of the options, and then tap or click Next.
Note
IT recommends that you choose the Encrypt used disk space only
option for fast encryption. There is no risk of data loss.
9 In the Are you ready to encrypt this drive? screen, tap or click
Continue.
10 When you’re prompted to restart your computer, tap or click Restart
now.
11 After your computer restarts, enter your BitLocker PIN, and then press
ENTER.
12 Slide the Windows 8 Lock screen up, and then log on using your
network password.
13 Open the Control Panel, tap or click System and Security, and then
tap or click BitLocker Drive Encryption.
The BitLocker Drive Encryption dialog box shows that BitLocker is
turned on (the command changes to Turn off BitLocker).

Notes
• You can continue to use your computer during the encryption process.
• After BitLocker is enabled, each time that you attempt to log on to
your computer, you will need to enter your BitLocker PIN before
Windows starts. If you have any issues accessing your computer,
contact << helpdesk contact or technical support URL>>.
• If you’re using a Slate PC, you are not required to create a PIN.

Suspending BitLocker Protection
On occasion, you may need to suspend BitLocker. For example, you might
need to do a hardware upgrade or basic input/output system (BIOS) updates.
When you suspend BitLocker, Windows disables protection on your system.
You won’t need to enter your PIN to start your computer, but your data will be
unprotected.




More Work Smart Content:
This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS
DOCUMENT. © 2012 Microsoft Corporation. All rights reserved.

Page 4 of 7

Work Smart: Protecting Data with Windows 8 BitLocker
Get Started
You can perform all updates and system changes by suspending BitLocker
protection. You typically do not need to turn BitLocker off for any reason
other than to decrypt your drive.
Suspend BitLocker
1 Open the Control Panel, and then tap or click System and Security.
2 Tap or click BitLocker Drive Encryption, and then tap or click
Suspend protection. When prompted to confirm, tap or click Yes.

Note
After one reboot, BitLocker is automatically turned on again.
Resume BitLocker
1 Open the Control Panel, and then tap or click System and Security.

2 Tap or click BitLocker Drive Encryption, and then tap or click
Resume protection.

Decrypt Your Drive
1 Open the Control Panel, and then tap or click System and Security.
2 Tap or click BitLocker Drive Encryption, and then tap or click Turn
off BitLocker.

You can continue to use your computer during the decryption process.
Encrypting a Portable Drive with
BitLocker To Go

When you encrypt a portable drive with BitLocker To Go, you can set it to
unlock by using a password or your smart card.
Password encryption requires that you enter an 8-character password during
the setup process. IT recommends a xx-character password to minimize the
risk of someone reading or modifying data on a lost or stolen device. This
password does not expire. You will not need to reset or change the password
unless you want to. You can also use the auto-unlock feature to avoid having
to enter a password each time you use the portable drive. For more
information, see “Managing BitLocker To Go” later in this guide.




More Work Smart Content:
This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS
DOCUMENT. © 2012 Microsoft Corporation. All rights reserved.

Page 5 of 7


Work Smart: Protecting Data with Windows 8 BitLocker
Get Started
Smart card encryption is more secure and requires additional steps. To use
smart card encryption, you encrypt the device using your smart card and a
PIN. You can only share this information with someone who has a smart card
reader, and you must insert your smart card and enter your PIN to unlock the
portable drive.
To turn on BitLocker To Go:
1 Connect to the corporate network.
2 Open the Control Panel, tap or click System and Security, and then
tap or click BitLocker Drive Encryption.
3 If you haven’t already done so, insert the portable drive (USB drive,
SC card, SD/MMC card, etc.) into the appropriate slot. The portable
drive will appear in the BitLocker Drive Encryption dialog box in the
Removable data drives section.
4 Tap or click Turn on BitLocker.

5 In the Choose how you want to unlock this drive screen, select one
of the following options.
• If you want to use a password to unlock the drive, select the
Use a password to unlock the drive check box, enter your
password twice, and then tap or click Next.
• If you want to use a smart card to unlock the drive instead,
select the Use my smart card to unlock the drive check
box, insert your smart card, and then tap or click Next.

6 In the How do you want to back up your recovery key? screen, tap
or click Save to a file.






More Work Smart Content:
This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS
DOCUMENT. © 2012 Microsoft Corporation. All rights reserved.

Page 6 of 7

Work Smart: Protecting Data with Windows 8 BitLocker
Get Started
7 In the Save BitLocker recovery key as dialog box, enter <<network
storage path or URL>> in the path box.
Tip
BitLocker suggests a filename to use. You can edit this filename to
distinguish it from any other recovery keys that you may acquire for
additional portable drives.
8 In the How do you want to store your recovery key screen,
Windows shows that your recovery key has been saved. Tap or click
Next.
9 In the Choose how much of your drive to encrypt screen, tap or
click one of the options, and then tap or click Next.
Note
IT recommends choosing the Encrypt used disk space only option
for fast encryption. There is no risk of data loss.
10 In the Are you ready to encrypt this drive? screen, tap or click Start
encrypting.
An encryption progress dialog box will appear, followed eventually by
a completion notice. If you remove the portable drive and then

reinsert it, you will be prompted for a password if you chose
password protection. If you chose smart card protection, you will
need to insert your smart card in your smart card reader and enter
your smart card PIN.
Notes
• The time required to encrypt a portable drive with BitLocker To Go
varies depending on the drive size, your connection speed, and the
technology you use, such as External Serial Advanced Technology
(eSATA), FireWire, USB, or USB 2.0. You can continue to use your
computer during the encryption process.
• Each time you attempt to use the drive, you will need to enter the
password or smart card unless you set up BitLocker To Go to unlock
the drive automatically. If you have any issues accessing your drive,
contact << helpdesk contact or technical support URL>>.
• If you want to change the password for a portable drive or change
the auto-unlock feature, see the “Managing BitLocker To Go” section
of this guide.
• All recovery keys are stored in Active Directory
®
and can be obtained
via the self-help process in << insert URL or file location >>.
Managing BitLocker To Go
After you encrypt a portable drive, you may want to back up or print a
recovery key, change a password, remove a password, add a smart card to
unlock the drive, enable or disable the auto-unlock feature, or turn BitLocker
off.





More Work Smart Content:
This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS
DOCUMENT. © 2012 Microsoft Corporation. All rights reserved.

Page 7 of 7

Work Smart: Protecting Data with Windows 8 BitLocker
Get Started
To do any of these tasks:
1 Open the Control Panel, tap or click System and Security, and then
tap or click BitLocker Drive Encryption.
2 In the BitLocker Drive Encryption dialog box, select the
appropriate BitLocker option.



Note
To print this Work Smart Guide, press CTRL+P.
For More Information
 Windows 8

 Microsoft User Experience Virtualization (UE-V)
/>technologies/virtualization/UE-V.aspxl