Enable BitLocker AES-XTX 256 Encryption
BitLocker is a full disk encryption feature included with Windows Vista and later versions of the Windows operating system. It uses AES (Advanced Encryption Standard) encryption with a key length of 128-bits or 256-bits to encrypt the entire drive. BitLocker AES-XTX 256 encryption is used to secure data stored on a computer’s hard drive. In this guide, you will learn how to enable BitLocker AES-XTX 256 Encryption method. Here are other related posts: BitLocker Recovery Mode prompted? Cannot find my BitLocker Recovery Key, the Effect of renaming an MBAM or BitLocker-protected Computer,
BitLocker helps protect against data breaches and unauthorized access to data by encrypting the entire drive, including the operating system, system files, and user files. This makes it more difficult for someone to access the data on the drive if the computer is stolen or if someone tries to access the data without permission.
The AES-XTX encryption method was introduced in Windows 10 (1511) and later versions of Windows. This version of AES is designed specifically for encrypting hard disks. By default, Windows 10 1511 encrypts your hard drives using AES-XTX 128.
If you need to safeguard sensitive data, you might consider utilizing the AES-XTX 256 algorithm. Let’s have a look at how to activate this algorithm. Please refer to these related guides: How and where to find your BitLocker recovery key in Windows, and Why does MBAM not automatically re-encrypt MBAM or Bitlocker-protected devices.
Steps to Enable BitLocker AES-XTX 256 Encryption Method
To enable the BitLocker AES-XTX 256 Encryption method, follow the steps below:
To open the Local Group Policy Editor, press the “Windows key” to open “Start” and type “gpedit” and select the top result.
Navigate to the following path: Computer Configuration >> Administrative Templates >> Windows Components >> BitLocker Drive Encryption.
Double-click on Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)
Select Enabled and choose the encryption algorithm you want, and then click OK to apply the change.
Once this done, you can go ahead to enable BitLocker encryption on your drive. See the following guide on how to enable Bitlocker via the Local Group Policy Editor and the Group Policy Management Console.
To check the encryption status of your drive after enabling BitLocker encryption on it, open the Command Prompt” as administrator. To do this, press the Windows key to open the Start menu and type “cmd” and choose run as administrator.
Type the following command and press Enter:
manage-bde -status
FAQs
Can I validate BitLocker key on my machine is being stored in the MBAM database?
Should you wish to validate that the key on your machine is being stored within the MBAM database it is a simple process on the client. Open an administrative Command Prompt or PowerShell Window on your client machine, and type in the following; manage-bde -protectors -get c:
You can access the SQL server database by using SQL Management Studio to review recovery information. All BitLocker key information is stored in clear text in the RecoveryAndHardwareCores.Keys table in the MBAM Recovery and Hardware database;
How can I exempt a computer from BitLocker encryption?
Add the computer account that you want to be exempted to a security group in Active Directory Domain Services. This allows you to bypass any computer-based BitLocker protection rules. Create a Group Policy Object by using the MBAM Group Policy template, then associate the Group Policy Object with the Active Directory group that you created in the previous step.
When an exempted computer starts, the MBAM client checks the Computer Exemption Policy setting and suspends protection based on whether the computer is part of the BitLocker exemption security group.
I hope you find the post on how to Enable BitLocker AES-XTX 256 Encryption helpful. If you have any questions, please leave a comment below.
