barscaret-downcaret-leftcaret-rightcaret-upcheckchevron-leftchevron-rightfile-pdfinfosign-in-altsignin text-widthtimesyoutube

Windows > Device Data & Configuration

Enabling BitLocker for Windows

Updated on October 12th, 2022

BitLocker is a disk encryption feature for Windows devices. Encryption is a way to protect your system against unauthorized access and keep your data safe and secure.

This article describes how you can remotely enable BitLocker drive encryption for your Windows devices with Miradore.

You can choose to encrypt only the C: drive or all fixed drives. The same encryption method must be used to encrypt all drives on a computer.


  • Premium Plan of Miradore
  • Windows device must be enrolled to Miradore and have a Miradore Client version 1.3.2 or newer installed
  • The device must have a TPM (Trusted Platform Module) chip
  • Supported Windows versions and editions are described in the table below
Windows versions supporting BitLocker
Windows 10 and Windows 11 - -
Windows 8.1 - - -
Windows 7 - - -

How to enable Bitlocker in four steps?

1. Go to Management > Configuration profiles and click the blue Add button.

Creating a configuration profile

2. Choose Windows > BitLocker and configure encryption settings.

Pay attention to the Windows version and drive type (fixed, removable) when choosing the encryption method. More information about the encryption methods is provided on the field tooltip.

BitLocker configuration settings

Click Next to finalize the profile creation.

3. Navigate to the Management > Devices page and use the checkboxes to select devices.

4. Click Deploy > Configuration profile to start the distribution wizard.

Please note that you cannot deploy the configuration to devices that are managed only through the built-in MDM profile.

Configuration profile deployment

Encryption may take some hours depending on the drive size. You can monitor the encryption status from the Windows dashboard widgets or from the Security table on the Device page.

Read more about viewing the BitLocker encryption status of your Windows computers in Miradore article.

How to disable BitLocker?

Turn off BitLocker drive encryption simply by removing the deployed configuration profile from the device(s).

You can remove configuration profiles from a single device easily from the Device page.

For multiple devices, you can use the Deploy > Remove configuration profile button which can be found on the Devices page.

Automate with business policies

You can also create a business policy that deploys a BitLocker configuration profile automatically to all devices having a certain tag.

For more information, read How to create a business policy article.

Previous Article:

Next Article: