BitLocker drive encryption provides offline data and operating system protection by ensuring that the drive is not tampered with while the operating system is offline. BitLocker drive encryption uses a TPM, either discrete or firmware, that supports the Static Root of Trust Measurement as defined by the Trusted Computing Group.

BitLocker drive encryption hardware requirements

BitLocker drive encryption uses a system partition separate from the Windows partition. The BitLocker system partition must meet the following requirements.

This additional system partition can be used to host Windows Recovery Environment (RE) and OEM tools (provided by the OEM), so long as the partition still meets the 250 MB free space requirement.

For more information see, and Hard Drives and Partitions.

BitLocker automatic device encryption

BitLocker automatic device encryption uses BitLocker drive encryption technology to automatically encrypt internal drives after the user completes the Out Of Box Experience (OOBE) on Modern Standby or HSTI-compliant hardware.

Note: BitLocker automatic device encryption starts during the Out Of Box Experience (OOBE). However, protection is enabled (armed) only after users sign in with a Microsoft Account or an Azure Active Directory account. Until then, protection is suspended and data is not protected. BitLocker automatic device encryption is not enabled with local accounts, in which case BitLocker can be manually enabled using the BitLocker Control Panel.

BitLocker automatic device encryption hardware requirements

BitLocker automatic device encryption is enabled when:
- The device contains a TPM (Trusted Platform Module), either TPM 1.2 or TPM 2.0.
- Direct memory access (DMA) protection is enabled.
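
The note on automatic device encryption describes a state in which a drive is already encrypted but protection is still suspended. The PowerShell below is an added example (not from the original page or from Microsoft) that reports that state per volume using the built-in Get-Tpm and Get-BitLockerVolume cmdlets; the function name Get-BitLockerArmedState and its State labels are made up for this example.

```powershell
# Added example: run from an elevated PowerShell session on the device being checked.
# Get-BitLockerArmedState and its State labels are hypothetical names for this example.
function Get-BitLockerArmedState {
    param(
        # Object shaped like the output of Get-BitLockerVolume.
        [Parameter(Mandatory, ValueFromPipeline)] $Volume
    )
    process {
        # foreach over $null yields nothing, so a volume with no protectors gives an empty list.
        $protectors = @(foreach ($kp in $Volume.KeyProtector) { "$($kp.KeyProtectorType)" })
        $volStatus  = "$($Volume.VolumeStatus)"
        $protStatus = "$($Volume.ProtectionStatus)"

        if ($protStatus -eq 'Unknown' -or -not $volStatus) { $state = 'Unknown' }  # e.g. a locked volume
        elseif ($volStatus -eq 'FullyDecrypted')           { $state = 'NotEncrypted' }
        elseif ($protStatus -eq 'On')                      { $state = 'Armed' }
        else                                               { $state = 'EncryptedButSuspended' }

        [pscustomobject]@{
            MountPoint   = $Volume.MountPoint
            State        = $state
            VolumeStatus = $volStatus
            Protectors   = $protectors -join ','
            HasTpm       = $protectors -contains 'Tpm'
            HasRecovery  = $protectors -contains 'RecoveryPassword'
        }
    }
}

# TPM requirement: a TPM must be present; TpmReady shows whether it is provisioned for use.
$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)"

$report = Get-BitLockerVolume | Get-BitLockerArmedState
$report | Format-Table -AutoSize

# Exit non-zero when a volume is encrypted but not armed, so the script can gate
# a compliance check or the last step of a deployment.
if ($report | Where-Object State -eq 'EncryptedButSuspended') {
    Write-Warning 'At least one volume is encrypted but protection is suspended; its data is not protected.'
    exit 1
}
```

A volume reported as EncryptedButSuspended after OOBE matches the case in the note where no Microsoft Account or Azure Active Directory sign-in has happened yet.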