iSumsoft » Resources » Surface » Turn on or off Device Encryption/BitLocker on Surface Pro/Laptop

Turn on or off Device Encryption/BitLocker on Surface Pro/Laptop

Microsoft automatically encrypts your new Surface device and stores the Device Encryption Key on OneDrive, when you log in with your Microsoft Account for the first time. This post demonstrates how to turn on or off device encryption and BitLocker on Microsoft Surface Studio/Book/Laptop/Pro/Go.


How to turn on or off Device Encryption/BitLocker on Surface Pro/Laptop

Windows device encryption is a security feature in Microsoft Windows helps protect your data by encrypting the system drive. Device encryption is available on supported devices running any Windows 10 edition.

BitLocker encryption is available on supported devices running Windows 10 Pro, Enterprise, or Education editions. For example, a Surface Pro, which runs Windows 10 Pro edition, has both the simplified device encryption experience and the full BitLocker management controls.

If device encryption is enabled, only authorized individuals can access your device and data. Windows Device Encryption/BitLocker can also be enabled and disabled manually.

Option 1: Turn on/off device encryption in Settings

Click on the Start button, select Settings > Update & Security > Device Encryption.

If device encryption is turned off, click select Turn on.

Turn on or off Device Encryption

You will be prompted to back up your recovery key. It's recommended to save the recovery key to a USB drive and not to the system drive.

After turning on drive encryption on your Surface, the only way to decrypt your files is by signing in to your device with your Microsoft account password. If you ever forget your password, you can recover or reset it by using a professional Windows Password recovery utility.

At any time, you can disable BitLocker on the Surface Studio, Surface Book, Surface Laptop, Surface Pro, or Surface Go with the same steps above shows, but in this case, click the Turn off button.

Turn off Device Encryption

A pop-up window will open, just click Decrypt all drives button to proceed.

Start decryption

Option 2: Encrypt/decrypt Surface device by using Microsoft BitLocker

If the Microsoft BitLocker is available on your device, follow these steps to turn on BitLocker encryption instead:

1. Sign in to your Surface device with an administrator account.

2. In the search box on the taskbar, type Manage BitLocker and then select it from the list of results.

3. You will see the following screen. Select Turn on BitLocker and then follow the instructions.

Turn on BitLocker

If BitLocker is turned on and you want to turn it off, select Turn off BitLocker.

Suspending/Pausing Device Encryption on Surface

Windows 10 Home

Press Win + X and hit A on the keyboard to open Command Prompt (Admin).

Type manage-bde -protectors -disable C: and hit Enter.

Suspend device encryption

Windows 10 Pro/Enterprise/Education

Go to Control Panel > System and Security > BitLocker Drive Encryption.

Select Suspend Protection on drive C.

Suspend protection