CUMC Home | Columbia University | Jobs at CUMC | Contact CUMC | Find People
For support: call extension 5-Help (212-305-4357) or email us
Student Computing

BitLocker Encryption on Student Computers

IMPORTANT: BitLocker on workforce computers must be set up by the department or division's Certified IT Group. Do not use student instructions or the computer will not be complying with University Policy and CUMC Information Security Procedures. Instructions for students are provided as a courtesy only.

BitLocker Icon for Encrypted Drive How BitLocker Works
BitLocker is the native encryption program included free with specific versions of Windows and, once turned on, runs seamlessly on the computer. Decryption happens transparently after entering your computer login and password, simply work on it as you normally would. After logout or shut down everything is encrypted and cannot be read without an authorized login.
  • Since all files are decrypted on login, any containing sensitive data must be individually re-encrypted if copied or moved off of the computer. Methods in the Approved Encryption list can be used for this.
  • You must use a computer login with a strong password that is not shared.
  • It is very important to remember your password correctly. Without it only the recovery key (created before initial encryption by BitLocker) can be used to decrypt data on the computer.

Compatible Windows Computers

BitLocker is built in to the following:
  • Windows 10 Pro, Enterprise and Education editions
  • Windows 8.1 Enterprise or Professional editions
  • Windows 7 Enterprise or Ultimate editions
Other requirements are:
  • The computer must have a TPM version 1.2 (or higher) chip installed. Instructions for preparing your computer will help you check for TPM and activate it if necessary.
  • The computer cannot be joined to a domain such as MC. Computers joined to a domain are managed by IT staff; you must contact them to enable BitLocker. A domain enforces restrictions that can override settings you need to adjust when setting up BitLocker.
For help finding your computer's version, edition, and whether it is joined to a domain please see What Operating System does my computer use?. If you need to upgrade your computer you may be able to via Columbia's Microsoft Downloads for the CU Community.

Steps for Setting Up BitLocker

Be sure to complete all steps to ensure that BitLocker is operating properly.
  1. Prepare your computer to ensure that BitLocker is compatible
  2. Set BitLocker to AES-256 instead its default AES-128, which does not comply with University encryption requirements. If a computer already has BitLocker enabled you can check the encryption method and follow instructions to correct it if needed.
  3. Enable BitLocker for full disk encryption.

| TOP |

Last updated 10/10/2018