BitLocker is a full disk encryption feature included with Windows Vista and later versions of the Windows operating system. It uses AES (Advanced Encryption Standard) encryption with a key length of 128-bits or 256-bits to encrypt the entire drive. BitLocker AES-XTX 256 encryption is used to secure data stored on a computer’s hard drive. In this guide, you will learn how to enable BitLocker AES-XTX 256 Encryption method. Here are other related posts: BitLocker Recovery Mode prompted? Cannot find my BitLocker Recovery Key, the Effect of renaming an MBAM or BitLocker-protected Computer,
BitLocker helps protect against data breaches and unauthorized access to data by encrypting the entire drive, including the operating system, system files, and user files. This makes it more difficult for someone to access the data on the drive if the computer is stolen or if someone tries to access the data without permission.
The AES-XTX encryption method was introduced in Windows 10 (1511) and later versions of Windows. This version of AES is designed specifically for encrypting hard disks. By default, Windows 10 1511 encrypts your hard drives using AES-XTX 128.
If you need to safeguard sensitive data, you might consider utilizing the AES-XTX 256 algorithm. Let’s have a look at how to activate this algorithm. Please refer to these related guides: How and where to find your BitLocker recovery key in Windows, and Why does MBAM not automatically re-encrypt MBAM or Bitlocker-protected devices.
Steps to Enable BitLocker AES-XTX 256 Encryption Method
To enable the BitLocker AES-XTX 256 Encryption method, follow the steps below:
To open the Local Group Policy Editor, press the “Windows key” to open “Start” and type “gpedit” and select the top result.
Navigate to the following path: Computer Configuration >> Administrative Templates >> Windows Components >> BitLocker Drive Encryption.
Double-click on Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)
Select Enabled and choose the encryption algorithm you want, and then click OK to apply the change.
Once this done, you can go ahead to enable BitLocker encryption on your drive. See the following guide on how to enable Bitlocker via the Local Group Policy Editor and the Group Policy Management Console.
To check the encryption status of your drive after enabling BitLocker encryption on it, open the Command Prompt” as administrator. To do this, press the Windows key to open the Start menu and type “cmd” and choose run as administrator.
Type the following command and press Enter:
manage-bde -status
I hope you find the post helpful. If you have any questions, please leave a comment below.