Enabling Full Disk Encryption on your device can decrease the likelihood of unauthorized access in the event that the device is lost or stolen. Both macOS and Windows provide Full Disk Encryption capabilities in the Operating System by default.
FileVault 2 is available in OS X Lion or later. When FileVault is turned on, your Mac always requires that you log in with your account password.
- Choose Apple menu () > System Preferences, then click Security & Privacy.
- Click the FileVault tab.
- Click the lock in the bottom left corner, then enter an administrator name and password.
- Click Turn On FileVault.
If there are additional user accounts on your Mac, you may see a message asking to enable additional users. Each additional user account requiring access to unlock the FileVault encryption must type in their password before they are able to unlock the disk.
You will be asked to create a recovery key in case you forget your password. It's important to ensure a recovery exists in a secure location for your FileVault encrypted Mac. If you lose both your account password and FileVault recovery key, you won't be able to log in to your Mac or access the data on your startup disk.
If you don't want to use iCloud FileVault recovery, you can create a local recovery key. Keep the letters and numbers of the key somewhere safe—other than on your encrypted startup disk.
When FileVault setup is complete and you restart your Mac, you will use your account password to unlock your disk and allow your Mac to finish starting up. FileVault requires that you log in every time your Mac starts up, and no account is permitted to log in automatically.
Additional information and troubleshooting for FileVault encryption on macOS can be found on Apple's FileVault Support Page.
Encryption helps protect the data on your device so it can only be accessed by people who have authorization. If device encryption isn't available on your device, you might be able to turn on standard BitLocker encryption instead.
Note that BitLocker isn't available on Windows 10 Home edition and your computer must have a TPM chip version 1.2 or later to support Bitlocker.
Verify your device has a TPM chip.
- Open the device manager.
- Expand Security devices. If you have a TPM chip, one of the items should read Trusted Platform Module with the version number.
Turn on device encryption
- Sign into Windows with an administrator account.
- Select the Start button, then select Settings > Update & Security > Device encryption. If Device encryption doesn't appear, it isn't available. You may be able to use standard BitLocker encryption instead.
- If device encryption is turned off, select Turn on.
Turn on standard BitLocker encryption
- Sign into your Windows device with an administrator account.
- In the search box on the taskbar, type Manage BitLocker and then select it from the list of results. Or select the Start button, and then under Windows System, select Control Panel. In Control Panel, select Systemand Security, and then under BitLocker Drive Encryption, select Manage BitLocker. Note: You'll only see this option if BitLocker is available for your device. It isn't available on Windows 10 Home edition.
- Select Turn on BitLocker and then follow the instructions.