In this article, we explain the BitLocker to Go requirement for Windows 11.
BitLocker To Go allows let you to encrypt a USB drive and limit access through a password. With BitLocker, you can open those encrypted drives through BitLocker To Go, using a smart card or password or another authentication mechanism. In simple terms, it is BitLocker Drive Encryption implemented on removable data drives. This feature can encrypt SD cards, USB flash drives, and external hard drives. Also, it can encrypt other drives which are formatted through the FAT16, FAT32, NTFS, or exFAT file system. BitLocker To Go can encrypt removable data drives like USB flash drives and external hard drives.
To use BitLocker, the Windows 11 edition must be Education, Pro, or Enterprise edition.
The most significant hardware feature needed to support BitLocker Device Encryption is a Trusted Platform Module chip (TPM). The particular device should also support the Modern Standby feature (earlier known as InstantGo).
To turn on the BitLocker Drive Encryption on the drive, your PC’s hard disk should have a minimum of two partitions, i.e., a system partition and operating system partition. The system partition comprises the files required to start your PC, and its size should be a minimum of 100 MB. The operating system partition contains the Windows binaries. The system partition will stay unencrypted, and the operating system partition will be encrypted. This allows for the initialization of the computer to start. In case your computer does not possess these two partitions, then BitLocker will make them. Both these partitions should be formatted through the NTFS file system.
Another requirement is to have BIOS compatible with TPM or the one that supports USB devices all through computer startup. If this is not available, then you will have to update the BIOS before you implement BitLocker.
Note: TPM 2.0 is not supported in Legacy and CSM Modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security, Enable the Secure Boot feature. See TPM requirements for Windows 11.