1. Bitlocker Recovery
2. Bitlocker For Mac
3. Bitlocker Key
4. Bitlocker Drive Encryption
5. Bitlocker Download
6. Bitlocker Recovery Key Windows 10

This page explains what is Bitlocker partition, why do you need to format BitLocker drive and how to format a BitLocker drive, USB, or SD card with ease on Windows 10/8/7 computers.

Open Windows' Control Panel, type BitLocker into the search box in the upper-right corner, and press Enter. Next, click Manage BitLocker, and on the next screen click Turn on BitLocker. However, you might find that BitLocker Drive Encryption option is missing from the control panel where BitLocker feature can be enabled normally. At that time, you need to check that if the installed Windows 10 is the edition (Windows 10 Pro or Windows 10 Enterprise and Education) which supports BitLocker feature first.

Here is quick navigation of the content on this page, you can use it to find fixes for this issue immediately:

BitLocker Drive Overview

Before getting to know how to format Bitlocker drive, you may first need to know:

1. 1. What is BitLocker?
2. 2. What can BitLocker drive do?

According to Wikipedia, 'BitLocker is a volume encryption feature included in all Windows versions starting with Windows Vista. It's designed to protect data by providing encryption for an entire volume.'

When enabling BitLocker on a hard disk, USB flash drive, or SD card on your computer, Microsoft Windows encodes the files and folders stored on the device so that only the permitted users can access the data.

Can I Format a BitLocker Encrypted Hard Drive

'Several days ago, I got a Bitlocker encrypted external hard drive. I want to remove BitLocker to decrypt the hard drive, but the problem is that I don't know the password nor recovery key.

Can I format the BitLocker drive and make it usable again?'

A: Yes. When you enabled or even locked BitLocker drive, USB, SD card, you can format it on your own.

In most cases, you can easily format or even wipe a hard drive. However, if the hard drive or USB is encrypted with Windows BitLocker, things become a bit more complex.

If you are trying to format the BitLocker drive, follow through the following parts to restore your drive back to a normal state:

Bitlocker Recovery

1. #1. Check BitLocker Drive State - Locked or Unlocked
2. #3. Format BitLocker Drive with 4 Methods

Part 1. Check BitLocker Drive State - Is The Drive Locked or Unlocked

Before you start, open Windows File Explorer to check the state of your BitLocker encrypted drive first:

Case 1. BitLocker drive is locked

If your BitLocker drive or USB is encrypted with a golden lock icon, it means that your drive is currently locked. You'll have to unlock it first before formatting.

Case 2. BitLocker drive is unlocked

If your BitLocker drive is unlocked with a blue lock icon, it means that your drive data is currently visible and editable. You can also access and even make changes to the saved files, even including the drive.

In other words, when your BitLocker drive is unlocked, you can directly jump to Part 3 and apply one method to format the drive immediately.

IMPORTANT: If you have vital data saved on the BitLocker hard drive or external USB, SD card, unlock the drive, and back up data to another secure location first.

Part 2. Unlock BitLocker Drive Before Formatting

Note that when your drive is encrypted by BitLocker password, you must unlock it first. Once the BitLocker drive is locked, Windows will change the file system parameters, directory entries, and other important parameters of the disk.

As a result, except for Windows itself, no other software can recognize and access the drive. In this part, you'll learn two ways to unlock the BitLocker hard drive or USB, SD:

Way 1. Unlock BitLocker Drive with Password

Step 1. Open Windows File Explorer and locate the BitLocker encrypted drive.

Step 2. Double-click the BitLocker drive or external drive, enter your password in the pop-up window.

Step 3. And click 'Unlock' to unlock the drive.

Now, you can access the drive and manage everything in the BitLocker drive without any problem.

Way 2. Run Clean Command to Clear BitLocker Encryption (without Password)

If you have forgotten the recovery key or password for the BitLocker drive, you can try the clean command in DiskPart to remove the encryption.

We suggest you try every means to find your password and unlock the drive. As this operation will delete the partition and data on the BitLocker drive.

Do it carefully:

Step 1. Type cmd in Windows Search and right-click on Command Prompt and select 'Run as administrator'.

Step 2. Type diskpart and hit Enter.

Step 3. Type the following commands and hit Enter each time:

• list disk
• select disk *
• list partition
• select partition * (Replace * with the partition label of your BitLocker drive or USB)
• delete partition overrride

Step 4. Type exit to close diskpart window.

Now, you can create a new partition on the unallocated space and format it to NTFS for saving data again.

Way 3. Turn to 1-0n-1 Remote Assistance Service Provided by EaseUS

Note that, EaseUS support team also recently provide you with a 1 on 1 remote assistance service. If you are having trouble in unlocking the BitLocker drive, you may turn to our support team for help.

Part 3. Format BitLocker Drive on Windows 10/8/7 (4 Methods)

This part shows you how to format the Bitlocker encrypted hard drive using the following 4 tools:

1. 1. EaseUS partition tool (easiest)
2. 2. Windows File Explorer (Beginners)
3. 3. Disk Management (Experienced Users)
4. 4. CMD Format Command (Professionals)

Fix 1. Format BitLocker Encrypted Drive Using EaseUS Partition Tool

EaseUS partition tool is the best disk formatting tool that you can try to format the hard drive, USB flash drive, SD card, and more to various file systems like FAT32, NTFS, FAT, etc. All levels of Windows users can apply it to manage partitions on an internal hard drive or external storage devices.

It is helpful even the drive, or memory card is encrypted with BitLocker. Now, let's see how to format BitLocker drive after unlocking it:

• Right-click the external drive or USB you intend to format and choose 'Format'.
• Set the Partition label, File system (NTFS/FAT32/EXT2/EXT3/EXT4), and Cluster size, then click 'OK'.
• Click 'OK' to continue.
• Click the 'Execute Operation' button and click 'Apply' to format the hard drive partition.

Fix 2. Format with File Explorer

Step 1. Connect your BitLocker drive to PC if it's an external storage device.

Bitlocker For Mac

Step 2. Open Windows File Explorer and right-click on the BitLocker drive, select 'Format'.

Step 3. Tick 'Quick Format' on the format window, set the file system (NTFS for an internal hard drive, FAT32 for USB/SD smaller than 32GB, exFAT for big external drive) and click 'Start'.

Wait for the process to complete, you can now use it as a normal data drive again.

Fix 3. Format BitLocker Encrypted Drive Using Disk Management

Step 1. Type Control Panel in the search box. And click 'Control Panel'.

Step 2. Click 'Administrative Tools' > 'Computer Management' > 'Disk Management'.

Step 3. Right-click on the drive or partition and click on 'Format'.

Step 4. Select the file system and set the cluster size.

Step 5. Click 'OK' to format the BitLocker encrypted disk, USB flash drive, or SD card.

Fix 4. Format BitLocker Drive in DiskPart with Format Command

Step 1. Type cmd in the Search box, right-click Command Prompt, and select 'Run as administrator'.

Step 2. Type diskpart and hit Enter.

Step 3. Type the following commands and hit Enter each time to format BitLocker drive:

• list disk
• select disk *
• list volume
• select volume *
• format fs=ntfs quick

Step 4. When DiskPart tells the format has completed, type exit and hit enter to close DiskPart.

Now, you can save files to the drive again.

Bonus Tip 1: How to Remove BitLocker from Hard Drive/USB/SD Card

If you have turned on Bitlocker for a drive on your computer, you can normally write data to and read data from it. But when you want to install Windows, you will see 'Windows cannot be installed to this hard disk space. Bitlocker drive encryption is enabled.' error message.

To resolve this issue, you can turn off Bitlocker and decrypt the drive by following the steps below:

Bitlocker Key

Note that if your BitLocker drive is currently locked, use your password to unlock it first.

Step 1. Go to Control Panel on your computer. Click on 'BitLocker Drive Encryption'.

Bitlocker Drive Encryption

Step 2. Find the Bitlocker encrypted drive and choose 'Turn Off BitLocker' to decrypt the hard drive, USB flash drive, or SD card. Wait for the decrypting to finish.

Bonus Tip 2: Recover Files from Formatted BitLocker Encrypted Drive

Currently, there is no third-party software or solution on the market that can recover files from formatted BitLocker encrypted hard drive. But you can recover files from a formatted hard drive that is not encrypted with a data recovery software, like EaseUS Data Recovery Wizard.

If you fail to back up data but directly formatted the BitLocker drive, EaseUS data recovery software is your best chance. This top-notch file recovery tool enables you to recover lost and deleted, even permanently deleted files from HDD, SSD, USB flash drive, pen drive, SD card, and external hard drives without effort.

Let's see how to recover data after formatting BitLocker drive:

Note: To guarantee a high data recovery chance, install EaseUS data recovery software on another disk instead of the formatted disk.

Step 1. Choose the formatted hard drive

Choose the hard drive partition which you've accidentally formatted and click 'Scan'.

Step 2. Select wanted files

After the scanning process, you can click 'Filter' to filter a specific file type to quickly find wanted files. Then use 'Other Lost Files' or 'Files Lost Original Name', 'Tags', etc. in the left pane to locate your files.

Step 3. Recover files to a secure location

Select the data that you wish to recover and click 'Recover'. Choose a new location to store the files and click 'OK'.

Conclusion

On this page, we explained that is BitLocker encryption and the complete process of removing or formatting BitLocker drive from your PC.

To protect your data security, we highly suggest you first unlock the drive, back up data, and then format the BitLocker drive, USB, or SD card with ease.

For the easiest formatting way, either EaseUS Partition Master or Windows File Explorer Formatting can both help.

Applies to

• Windows 10

This topic explains how BitLocker Device Encryption can help protect data on devices running Windows 10.For a general overview and list of topics about BitLocker, see BitLocker.

When users travel, their organization’s confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives. Windows consistently improves data protection by improving existing options and by providing new strategies.

Table 2 lists specific data-protection concerns and how they are addressed in Windows 10 and Windows 7.

Table 2. Data Protection in Windows 10 and Windows 7

Prepare for drive and file encryption

The best type of security measures are transparent to the user during implementation and use. Every time there is a possible delay or difficulty because of a security feature, there is strong likelihood that users will try to bypass security. This situation is especially true for data protection, and that’s a scenario that organizations need to avoid.Whether you’re planning to encrypt entire volumes, removable devices, or individual files, Windows 10 meets your needs by providing streamlined, usable solutions. In fact, you can take several steps in advance to prepare for data encryption and make the deployment quick and smooth.

TPM pre-provisioning

In Windows 7, preparing the TPM for use offered a couple of challenges:

• You can turn on the TPM in the BIOS, which requires someone to either go into the BIOS settings to turn it on or to install a driver to turn it on from within Windows.
• When you enable the TPM, it may require one or more restarts.

Basically, it was a big hassle. If IT staff were provisioning new PCs, they could handle all of this, but if you wanted to add BitLocker to devices that were already in users’ hands, those users would have struggled with the technical challenges and would either call IT for support or simply leave BitLocker disabled.

Microsoft includes instrumentation in Windows 10 that enables the operating system to fully manage the TPM. There is no need to go into the BIOS, and all scenarios that required a restart have been eliminated.

Deploy hard drive encryption

BitLocker is capable of encrypting entire hard drives, including both system and data drives. BitLocker pre-provisioning can drastically reduce the time required to provision new PCs with BitLocker enabled. With Windows 10, administrators can turn on BitLocker and the TPM from within the Windows Preinstallation Environment before they install Windows or as part of an automated deployment task sequence without any user interaction. Combined with Used Disk Space Only encryption and a mostly empty drive (because Windows is not yet installed), it takes only a few seconds to enable BitLocker.With earlier versions of Windows, administrators had to enable BitLocker after Windows had been installed. Although this process could be automated, BitLocker would need to encrypt the entire drive, a process that could take anywhere from several hours to more than a day depending on drive size and performance, which significantly delayed deployment. Microsoft has improved this process through multiple features in Windows 10.

BitLocker Device Encryption

Beginning in Windows 8.1, Windows automatically enables BitLocker Device Encryption on devices that support Modern Standby. With Windows 10, Microsoft offers BitLocker Device Encryption support on a much broader range of devices, including those that are Modern Standby, and devices that run Windows 10 Home edition.

Microsoft expects that most devices in the future will pass the testing requirements, which makes BitLocker Device Encryption pervasive across modern Windows devices. BitLocker Device Encryption further protects the system by transparently implementing device-wide data encryption.

Unlike a standard BitLocker implementation, BitLocker Device Encryption is enabled automatically so that the device is always protected. The following list outlines how this happens:

• When a clean installation of Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, BitLocker Device Encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state). In this state, the drive is shown with a warning icon in Windows Explorer. The yellow warning icon is removed after the TPM protector is created and the recovery key is backed up, as explained in the following bullet points.
• If the device is not domain joined, a Microsoft account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to the online Microsoft account, and a TPM protector is created. Should a device require the recovery key, the user will be guided to use an alternate device and navigate to a recovery key access URL to retrieve the recovery key by using his or her Microsoft account credentials.
• If the user uses a domain account to sign in, the clear key is not removed until the user joins the device to a domain and the recovery key is successfully backed up to Active Directory Domain Services (AD DS). You must enable the Computer ConfigurationAdministrative TemplatesWindows ComponentsBitLocker Drive EncryptionOperating System Drives Group Policy setting, and select the Do not enable BitLocker until recovery information is stored in AD DS for operating system drives option. With this configuration, the recovery password is created automatically when the computer joins the domain, and then the recovery key is backed up to AD DS, the TPM protector is created, and the clear key is removed.
• Similar to signing in with a domain account, the clear key is removed when the user logs on to an Azure AD account on the device. As described in the bullet point above, the recovery password is created automatically when the user authenticates to Azure AD. Then, the recovery key is backed up to Azure AD, the TPM protector is created, and the clear key is removed.

Microsoft recommends that BitLocker Device Encryption be enabled on any systems that support it, but the automatic BitLocker Device Encryption process can be prevented by changing the following registry setting:

• Subkey: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlBitLocker
• Value: PreventDeviceEncryption equal to True (1)
• Type: REG_DWORD

Administrators can manage domain-joined devices that have BitLocker Device Encryption enabled through Microsoft BitLocker Administration and Monitoring (MBAM). In this case, BitLocker Device Encryption automatically makes additional BitLocker options available. No conversion or encryption is required, and MBAM can manage the full BitLocker policy set if any configuration changes are required.

Note

BitLocker Device Encryption uses the XTS-AES 128-bit encryption method. In case you need to use a different encryption method and/or cipher strength, the device must be configured and decrypted (if already encrypted) first. After that, different BitLocker settings can be applied.

Used Disk Space Only encryption

BitLocker in earlier Windows versions could take a long time to encrypt a drive, because it encrypted every byte on the volume (including parts that did not have data). That is still the most secure way to encrypt a drive, especially if a drive has previously contained confidential data that has since been moved or deleted. In that case, traces of the confidential data could remain on portions of the drive marked as unused.But why encrypt a new drive when you can simply encrypt the data as it is being written? To reduce encryption time, BitLocker in Windows 10 lets users choose to encrypt just their data. Depending on the amount of data on the drive, this option can reduce encryption time by more than 99 percent.Exercise caution when encrypting only used space on an existing volume on which confidential data may have already been stored in an unencrypted state, however, because those sectors can be recovered through disk-recovery tools until they are overwritten by new encrypted data. In contrast, encrypting only used space on a brand-new volume can significantly decrease deployment time without the security risk because all new data will be encrypted as it is written to the disk.

Encrypted hard drive support

SEDs have been available for years, but Microsoft couldn’t support their use with some earlier versions of Windows because the drives lacked important key management features. Microsoft worked with storage vendors to improve the hardware capabilities, and now BitLocker supports the next generation of SEDs, which are called encrypted hard drives.Encrypted hard drives provide onboard cryptographic capabilities to encrypt data on drives, which improves both drive and system performance by offloading cryptographic calculations from the PC’s processor to the drive itself and rapidly encrypting the drive by using dedicated, purpose-built hardware. If you plan to use whole-drive encryption with Windows 10, Microsoft recommends that you investigate hard drive manufacturers and models to determine whether any of their encrypted hard drives meet your security and budget requirements.For more information about encrypted hard drives, see Encrypted Hard Drive.

Preboot information protection

An effective implementation of information protection, like most security controls, considers usability as well as security. Users typically prefer a simple security experience. In fact, the more transparent a security solution becomes, the more likely users are to conform to it.It is crucial that organizations protect information on their PCs regardless of the state of the computer or the intent of users. This protection should not be cumbersome to users. One undesirable and previously commonplace situation is when the user is prompted for input during preboot, and then again during Windows logon. Challenging users for input more than once should be avoided.Windows 10 can enable a true SSO experience from the preboot environment on modern devices and in some cases even on older devices when robust information protection configurations are in place. The TPM in isolation is able to securely protect the BitLocker encryption key while it is at rest, and it can securely unlock the operating system drive. When the key is in use and thus in memory, a combination of hardware and Windows capabilities can secure the key and prevent unauthorized access through cold-boot attacks. Although other countermeasures like PIN-based unlock are available, they are not as user-friendly; depending on the devices’ configuration they may not offer additional security when it comes to key protection. For more information, see BitLocker Countermeasures.

Manage passwords and PINs

When BitLocker is enabled on a system drive and the PC has a TPM, you can choose to require that users type a PIN before BitLocker will unlock the drive. Such a PIN requirement can prevent an attacker who has physical access to a PC from even getting to the Windows logon, which makes it virtually impossible for the attacker to access or modify user data and system files.

Requiring a PIN at startup is a useful security feature because it acts as a second authentication factor (a second “something you know”). This configuration comes with some costs, however. One of the most significant is the need to change the PIN regularly. In enterprises that used BitLocker with Windows 7 and the Windows Vista operating system, users had to contact systems administrators to update their BitLocker PIN or password. This requirement not only increased management costs but made users less willing to change their BitLocker PIN or password on a regular basis.Windows 10 users can update their BitLocker PINs and passwords themselves, without administrator credentials. Not only will this feature reduce support costs, but it could improve security, too, because it encourages users to change their PINs and passwords more often. In addition, Modern Standby devices do not require a PIN for startup: They are designed to start infrequently and have other mitigations in place that further reduce the attack surface of the system.For more information about how startup security works and the countermeasures that Windows 10 provides, see Protect BitLocker from pre-boot attacks.

Configure Network Unlock

Some organizations have location-specific data security requirements. This is most common in environments where high-value data is stored on PCs. The network environment may provide crucial data protection and enforce mandatory authentication; therefore, policy states that those PCs should not leave the building or be disconnected from the corporate network. Safeguards like physical security locks and geofencing may help enforce this policy as reactive controls. Beyond these, a proactive security control that grants data access only when the PC is connected to the corporate network is necessary.

Network Unlock enables BitLocker-protected PCs to start automatically when connected to a wired corporate network on which Windows Deployment Services runs. Anytime the PC is not connected to the corporate network, a user must type a PIN to unlock the drive (if PIN-based unlock is enabled).Network Unlock requires the following infrastructure:

Bitlocker Download

• Client PCs that have Unified Extensible Firmware Interface (UEFI) firmware version 2.3.1 or later, which supports Dynamic Host Configuration Protocol (DHCP)
• A server running at least Windows Server 2012 with the Windows Deployment Services role
• A server with the DHCP server role installed

For more information about how to configure Network Unlock, see BitLocker: How to enable Network Unlock.

Microsoft BitLocker Administration and Monitoring

Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage and support BitLocker and BitLocker To Go. MBAM 2.5 with Service Pack 1, the latest version, has the following key features:

• Enables administrators to automate the process of encrypting volumes on client computers across the enterprise.
• Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself.
• Provides centralized reporting and hardware management with Microsoft Microsoft Endpoint Configuration Manager.
• Reduces the workload on the help desk to assist end users with BitLocker recovery requests.
• Enables end users to recover encrypted devices independently by using the Self-Service Portal.
• Enables security officers to easily audit access to recovery key information.
• Empowers Windows Enterprise users to continue working anywhere with the assurance that their corporate data is protected.
• Enforces the BitLocker encryption policy options that you set for your enterprise.
• Integrates with existing management tools, such as Microsoft Endpoint Configuration Manager.
• Offers an IT-customizable recovery user experience.
• Supports Windows 10.

Bitlocker Recovery Key Windows 10

For more information about MBAM, including how to obtain it, see Microsoft BitLocker Administration and Monitoring on the MDOP TechCenter.