May 31

How to Do it Yourself: Data Encryption on Windows 11

Running a business today means making sure your data is safe from cyber threats. Encrypting data on your devices is a key step in protecting sensitive information. This quick guide will show you how to enable data encryption on Windows 11, which aligns with CIS Control 3.4 (Ensure the Protection of Data at Rest).


Before you begin, ensure that you:

  • Have a device running Windows 11.
  • Are logged in with an administrator account.

Step 1 — Opening Settings

First, open the Settings app.

  1. Click on the Start menu.
  2. Select the Settings icon (it looks like a gear).

Step 2 — Navigating to Privacy & Security

Next, navigate to the Privacy & Security section.

  1. In the Settings window, click on Privacy & Security in the left-hand menu.

Step 3 — Finding Device Encryption

Now, locate the Device Encryption settings.

  1. Scroll down and click on Device encryption.
    • If you don't see this option, your device might not support it, or you might need to enable it through BitLocker (available in Windows 11 Pro).

Step 4 — Enabling Device Encryption

Enable the encryption on your device.

  1. Toggle the switch to On under Device encryption.
  2. Follow the on-screen instructions to complete the encryption process.
    • This process may take some time, depending on the amount of data on your device.

Step 5 — Using BitLocker (Windows 11 Pro)

If you are using Windows 11 Pro, you can enable BitLocker for more advanced encryption options.

  1. Go to Settings > Privacy & Security > Device Encryption and click on BitLocker settings.
  2. Click Turn on BitLocker.
  3. Choose how you want to unlock your drive at startup (e.g., password or USB drive).
  4. Select your encryption options (encrypt the entire drive for better security).
  5. Save your recovery key in a secure location (not on the encrypted drive).
  6. Click Start encrypting to begin the encryption process.

Why Encryption Matters

Encrypting your data ensures that even if your device is compromised, the information remains secure. This step is crucial for protecting sensitive business data and maintaining customer trust.

Related CIS Control

This step satisfies CIS Control 3.4: Ensure the Protection of Data at Rest, which focuses on encrypting sensitive data to protect it from unauthorized access.

By following these simple steps, you can enhance the security of your business data on Windows 11. Stay tuned for more tips on how to manage your business's cybersecurity risk effectively.

For more details on securing your business, check out our CyberGuardian Blueprint.

Coming soon: How to create an Intune policy to encrypt the drive on all your orgs. devices


CIS Controls, Cybersecurity, Data Encryption, Risk Management, Windows 11 Security

You may also like

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Get in touch

0 of 350