Microsoft automatically encrypts your new Surface device and stores the Device Encryption Key on OneDrive, when you log in with your Microsoft Account for the first time. This post demonstrates how to turn on or off device encryption and BitLocker on Microsoft Surface Studio/Book/Laptop/Pro/Go.
Windows device encryption is a security feature in Microsoft Windows helps protect your data by encrypting the system drive. Device encryption is available on supported devices running any Windows 10 edition.
BitLocker encryption is available on supported devices running Windows 10 Pro, Enterprise, or Education editions. For example, a Surface Pro, which runs Windows 10 Pro edition, has both the simplified device encryption experience and the full BitLocker management controls.
If device encryption is enabled, only authorized individuals can access your device and data. Windows Device Encryption/BitLocker can also be enabled and disabled manually.
Click on the Start button, select Settings > Update & Security > Device Encryption.
If device encryption is turned off, click select Turn on.
You will be prompted to back up your recovery key. It's recommended to save the recovery key to a USB drive and not to the system drive.
After turning on drive encryption on your Surface, the only way to decrypt your files is by signing in to your device with your Microsoft account password. If you ever forget your password, you can recover or reset it by using a professional Windows Password recovery utility.
At any time, you can disable BitLocker on the Surface Studio, Surface Book, Surface Laptop, Surface Pro, or Surface Go with the same steps above shows, but in this case, click the Turn off button.
A pop-up window will open, just click Decrypt all drives button to proceed.
If the Microsoft BitLocker is available on your device, follow these steps to turn on BitLocker encryption instead:
1. Sign in to your Surface device with an administrator account.
2. In the search box on the taskbar, type Manage BitLocker and then select it from the list of results.
3. You will see the following screen. Select Turn on BitLocker and then follow the instructions.
If BitLocker is turned on and you want to turn it off, select Turn off BitLocker.
Windows 10 Home
Press Win + X and hit A on the keyboard to open Command Prompt (Admin).
Type manage-bde -protectors -disable C: and hit Enter.
Windows 10 Pro/Enterprise/Education
Go to Control Panel > System and Security > BitLocker Drive Encryption.
Select Suspend Protection on drive C.