BitLocker Encryption on Student Computers
Instructions here are provided as a courtesy only for students to set up BitLocker in compliance with CUIMC requirements.
IMPORTANT: Computers used for work - including any personally owned - must have BitLocker set up by the department or division's Certified IT Group as per CUIMC Information Security Requirements.
How BitLocker Works
BitLocker is the native encryption program included free with specific versions of Windows. Once BitLocker is turned on it runs seamlessly on the computer. Decryption happens transparently after entering your computer login and password. After logout or shut down everything is encrypted and cannot be read without an authorized login.
- Since all files are decrypted on login, any containing sensitive data must be individually re-encrypted if copied or moved off of the computer. Methods in the Approved Encryption list can be used for this.
- You must use a computer login with a strong password that is not shared.
- It is very important to remember your password correctly. Without it only the recovery key (created before initial encryption by BitLocker) can be used to decrypt data on the computer.
Compatible Windows Computers
BitLocker is built in to the following:
- Windows 10 Pro, Enterprise and Education editions
- Windows 8.1 Enterprise or Professional editions
While Windows 7 Enterprise or Ultimate editions also have BitLocker built in, it is no longer supported by Microsoft and should not be used. If you want to upgrade to a supported version please see Microsoft Windows information on the Software Downloads for Students page.
Other requirements are:
- The computer must have a TPM version 1.2 (or higher) chip installed. Instructions for preparing your computer will help you check for TPM and activate it if necessary.
- The computer cannot be joined to a domain such as MC. Computers joined to a domain are managed by IT staff; you must contact them to enable BitLocker. A domain enforces restrictions that can override settings you need to adjust when setting up BitLocker.
For help finding your computer's version, edition, and whether it is joined to a domain please see What Operating System does my computer use? If you need to upgrade your computer you may be able to via Columbia's Microsoft Downloads for the CU Community.
Steps for Setting Up BitLocker
Be sure to complete all steps to ensure that BitLocker is operating properly.
- Prepare your computer to ensure that BitLocker is compatible
- Set BitLocker to AES-256 instead of its default AES-128, which does not comply with University encryption requirements. If a computer already has BitLocker enabled you can check the encryption method and follow instructions to correct it if needed.
- Enable BitLocker for full disk encryption.