Full Disk Encryption

Enabling Full Disk Encryption on your device can decrease the likelihood of unauthorized access in the event that the device is lost or stolen. Both macOS and Windows provide Full Disk Encryption capabilities in the Operating System by default.

macOS Instructions:

FileVault 2 is available in OS X Lion or later. When FileVault is turned on, your Mac always requires that you log in with your account password. 

  1. Choose Apple menu () > System Preferences, then click Security & Privacy.
     
  2. Click the FileVault tab.
     
  3. Click the lock in the bottom left corner, then enter an administrator name and password.
     
  4. Click Turn On FileVault.
macOS Security & Privacy Preferences Pane displaying the "FileVault" settings.

If there are additional user accounts on your Mac, you may see a message asking to enable additional users. Each additional user account requiring access to unlock the FileVault encryption must type in their password before they are able to unlock the disk.

macOS FileVault enablement window asking for each user to type in their password before they will be able to unlock the disk.

You will be asked to create a recovery key in case you forget your password. It's important to ensure a recovery exists in a secure location for your FileVault encrypted Mac. If you lose both your account password and FileVault recovery key, you won't be able to log in to your Mac or access the data on your startup disk. 

If you don't want to use iCloud FileVault recovery, you can create a local recovery key. Keep the letters and numbers of the key somewhere safe—other than on your encrypted startup disk. 

macOS FileVault enablement screen asking where you would like to store your recovery key.

When FileVault setup is complete and you restart your Mac, you will use your account password to unlock your disk and allow your Mac to finish starting up. FileVault requires that you log in every time your Mac starts up, and no account is permitted to log in automatically.

macOS FileVault login window.

Additional information and troubleshooting for FileVault encryption on macOS can be found on Apple's FileVault Support Page.

 

Windows Instructions:

Encryption helps protect the data on your device so it can only be accessed by people who have authorization. If device encryption isn't available on your device, you might be able to turn on standard BitLocker encryption instead.

Note that BitLocker isn't available on Windows 10 Home edition and your computer must have a TPM chip version 1.2 or later to support Bitlocker.

Verify your device has a TPM chip.

  1. Open the device manager.
     
  2. Expand Security devices. If you have a TPM chip, one of the items should read Trusted Platform Module with the version number.
     
    Windows Device Manager showing the presence of a security device "Trusted Platform Module".

 

Turn on device encryption

  1. Sign into Windows with an administrator account.
     
  2. Select the Start  button, then select Settings  > Update & Security > Device encryption. If Device encryption doesn't appear, it isn't available. You may be able to use standard BitLocker encryption instead.
    Windows search bar with the text "Type here to search".
    Windows Start Menu "Settings" option.

     

    Windows Update & Security settings button.
  3. If device encryption is turned off, select Turn on.

     

Turn on standard BitLocker encryption

  1. Sign into your Windows device with an administrator account.
     
  2. In the search box on the taskbar, type Manage BitLocker and then select it from the list of results. Or select the Start button, and then under Windows System, select Control Panel. In Control Panel, select Systemand Security, and then under BitLocker Drive Encryption, select Manage BitLocker. Note: You'll only see this option if BitLocker is available for your device. It isn't available on Windows 10 Home edition.
    Windows start menu search for "Manage BitLocker".
    Windows Manage BitLocker start menu item.
  3. Select Turn on BitLocker and then follow the instructions.
    Windows BitLocker settings window.

This Guide Applies To: