Microsoft BitLocker
Encryption software
Confidentiality software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if Microsoft BitLocker and its alternatives fit your requirements.
$199.99 one-time retail
Free Trial
Free version unavailable
Small
Medium
Large
- Education and training
- Agriculture, fishing, and forestry
- Construction
What is Microsoft BitLocker
Microsoft BitLocker is a full-disk encryption feature for Windows that protects data at rest on internal drives and removable media. It is used by IT and security teams to reduce the risk of data exposure from lost, stolen, or decommissioned devices. BitLocker integrates with Windows security features such as TPM-based key protection and supports centralized administration and recovery key management through Microsoft management and directory services.
Centralized policy and recovery
BitLocker supports enforcement through Windows policy controls and can store recovery information in enterprise identity/directory services. This enables help desks to recover access when users forget PINs or when hardware changes trigger recovery mode. Centralized recovery workflows are important for large deployments where unmanaged keys can create operational risk.
Hardware-backed key protection
BitLocker can use a device’s TPM to protect encryption keys and support pre-boot integrity checks. This helps mitigate offline attacks that target disk contents when a device is powered off. It also supports additional protectors (for example, PIN or USB key) to align with different risk profiles and compliance requirements.
Native Windows disk encryption
BitLocker is built into supported Windows editions and encrypts entire volumes, including operating system drives. This reduces the need to deploy separate endpoint encryption agents for Windows fleets. It supports both fixed and removable drives (via BitLocker To Go), which helps standardize encryption policies across common device types.
Windows-centric scope
BitLocker primarily addresses encryption on Windows endpoints and does not provide a cross-platform, single-console approach for macOS, Linux, and mobile devices by itself. Organizations with heterogeneous fleets often need additional tools or separate controls to achieve consistent coverage. This can increase administrative complexity compared with platforms designed for multi-OS data protection.
Limited data-centric controls
BitLocker focuses on protecting data at rest on a device, not on controlling how files are used after access is granted. It does not natively provide document-level rights controls, persistent file encryption across sharing scenarios, or fine-grained usage restrictions. Use cases such as external collaboration controls or per-file policy enforcement typically require complementary solutions.
Edition and management dependencies
Availability and feature set depend on Windows edition and organizational management choices. Some enterprise capabilities (such as streamlined key escrow and compliance reporting) are typically realized when integrated with Microsoft’s broader management and identity stack. In environments without those services, recovery key handling and reporting can be more manual.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| BitLocker (drive encryption enablement) - included with Windows desktop editions | Included with qualifying Windows editions (Windows 10/11 Pro, Enterprise, Education). For a retail Windows 11 Pro license on Microsoft Store the one-time price is $199.99 (US) as listed on the Microsoft Store. | Provides local BitLocker Drive Encryption (manual enablement/device encryption). Availability depends on Windows edition and device hardware (TPM, UEFI, etc.). See Microsoft docs for edition support and system requirements. |
| BitLocker (centralized management) | Requires Windows Enterprise management entitlements (Windows Enterprise E3/E5 or equivalent Microsoft 365 plans); pricing is via Microsoft 365 / Enterprise licensing (see Microsoft 365 plans). | Centralized BitLocker management (Intune/Configuration Manager) and advanced management features require Enterprise license entitlements (Enterprise E3/E5, Education A3/A5). Contact Microsoft or consult Microsoft 365 licensing pages for per-user subscription pricing. |
| Trial / Evaluation (Windows Enterprise) | 90-day evaluation (Windows 11 Enterprise evaluation) – free download from Microsoft Evaluation Center | Full-featured Windows 11 Enterprise evaluation for IT pros (90 days) that includes BitLocker and management testing. |
Seller details
Microsoft Corporation
Redmond, Washington, United States
1975
Public
https://www.microsoft.com/
https://x.com/Microsoft
https://www.linkedin.com/company/microsoft/
