If your PC were lost or stolen, you'd probably cringe at the cost of replacing it. But that's nothing compared to what you'd stand to lose if someone had unfettered access to the data on that device. Even if they can't sign in using your Windows user account, a thief could boot from a removable device and browse the contents of the system drive with impunity.
The most effective way to stop that nightmare scenario is to encrypt the entire device so that its contents are only available to you or someone with the recovery key.
Also: Here's how you can still get a free Windows 10 upgrade[1]
All editions of Windows 10[2] since version 1511 (released in November 2015) include XTS-AES 128-bit device encryption options that are robust enough to protect against even the most determined attacks. Using management tools, you can increase the encryption strength to XTS-AES 256.
On modern devices, the encryption code also performs pre-boot system integrity checks that detect attempts to bypass the boot loader.
BitLocker[3] is the brand name that Microsoft uses for the encryption tools available in business editions of Windows (desktop and server). A limited but still effective subset of BitLocker device encryption features are also available in Windows 10 Home editions. Here's how to make sure your data is protected.
How does BitLocker work in Windows 10?
On all devices that are designed for Windows 10 (see the following section for the hardware requirements), device encryption is automatically enabled. Windows Setup automatically creates the necessary partitions and initializes encryption on the operating system drive with a clear key. To complete the encryption process, you must perform one of the following steps:
- Sign in using a Microsoft account that