BitLocker is Microsoft’s proprietary encryption program for Windows, that can encrypt your entire drive as well as help protect against unauthorized changes to your system such as firmware-level malware. Data on a lost or stolen computer/laptop is vulnerable to unauthorized access, either by running a software-attack tool against it, or by transferring the computer’s hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections.
Bilocker encryption is available in Windows 7 Ultimate, Windows 7 Enterprise, Windows 8.1 Pro, Windows 8.1 Enterprise and Windows 10 Pro.
BitLocker provides most protection when used with a Trusted Platform Module (TPM) version 1.2 or later. The TPM is a hardware component installed in modern computers/laptops by the computer manufacturer. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline. On computers that do not have a TPM version 1.2 or later, you can still use BitLocker to encrypt the Windows operating system drive. However, this implementation will require the user to insert a USB startup key to start the computer or resume from hibernation. Starting with Windows 8, you can use an operating system volume password to protect the operating system volume on a computer without TPM. Both options do not provide the pre-startup system integrity verification offered by BitLocker with a TPM.
Disk encryption for laptops should be used to help towards compliance with the General Data Protection Regulation (GDPR).