The best way to secure sensitive data on your computer is to use full-disk encryption. The easiest way to encrypt a hard drive on a Windows 10 device is to use encryption tools built into the operating system. These tools will most probably not work on your device unless you turn them on.
Remember that whichever encryption tool you use, your data will only be secure if you protect your device with a strong password and set it to lock automatically after a brief period of inactivity.
Check if your device supports encryption
Some older devices do not support encryption even if they run Windows 10. To check if your device supports encryption, select the Start button, navigate to Settings > System > About, and see if you have a Device encryption setting at the bottom of the pane.
If you have the Device encryption setting here, you can enable it by signing in with a Microsoft account. If it is already enabled, you do not need to take any action.
If you do not have the Device encryption setting here, your device does not support encryption. You may still be able to use standard BitLocker encryption that is available on most versions of Windows 10.
(The screenshot above shows the About window that has no Device encryption setting. It means that the device does not support encryption)
Turn on BitLocker encryption
BitLocker is an encryption tool built into Windows 10 Professional, Enterprise, and Education editions. It is not available on computers running Windows 10 Home. If you are not sure which version of Windows operating system you are running, check this resource.
To turn on BitLocker encryption, make sure you are signed in to your Windows device with an administrator account. Select the Start button, and then under Windows System, select Control Panel. In the Control Panel, select System and Security (if you don’t see it, make sure that “View by” is set to “Category”), navigate to BitLocker Drive Encryption > Manage BitLocker. Select Turn on BitLocker and follow the instructions.
After you finish setting up BitLocker, the initial encryption can take a long time, depending on the amount of data stored on your computer. But you can continue using your computer as you normally do while the disk encryption is in progress.
If you do not have BitLocker Drive Encryption setting in the System and Security pane, it may be that your device does not have a TPM (Trusted Platform Module) chip that Windows uses for encryption. To check this, select the Start button, and under Windows Administrative Tools, select System Information. Navigate to the bottom of the System Information window and find Device Encryption Support.
If you get the above value (“TPM is not usable”) next to Device Encryption Support, your device does not have a TPM chip. Even without the chip, you can still turn on BitLocker Encryption by following this guide.