Ed Bott - Windows 10 Support Secrets

39 CHAPTER 3 | Staying secure All editions of Windows 10 support a feature called Device Encryption, which is available on devices that include a Trusted Platform Module (TPM) chip and support the InstantGo (Connected Standby) standard. To check whether your device supports this feature, go to Settings > System > About, and then scroll to the bottom of the page. If you see a Device Encryption heading like the one shown here, you’re in business: Although the Device Encryption feature is on by default, the encryption only works if you sign in using a Microsoft account, which then acts as the encryption key. On PCs running Windows 10 Pro, Enterprise, or Education editions, you have an additional security option called BitLocker Drive Encryption. To encrypt the system drive using BitLocker, the device must have a TPM chip, which means most modern Windows-based laptops designed for business use qualify. BitLocker Drive Encryption is available for non–system drives, including external backup drives and removable media. Your starting point for turning on BitLocker encryption is Control Panel, where the options are filed under the System & Security heading, as shown in Figure 3-3.