How to Change BitLocker Encryption in Windows 11

Why Change Your BitLocker Settings?

A stronger encryption code makes your data harder for others to crack. If you work with very sensitive information, using 256-bit encryption gives you extra protection.

What Happens When You Change These Settings?

When you change these settings, your files remain protected with the new, stronger encryption. Any new files you create will immediately use the updated settings. Keep in mind that your computer might need to restart for these changes to take effect.

Method 1Use Group Policy Editor

You can change your BitLocker encryption settings in Windows 11 using the Group Policy Editor, which lets you control how your drives are protected.

1. Open the Local Group Policy Editor. Search for “Edit group policy” on your ⊞ Start menu.
2. Follow these folders in order:

   • Computer Configuration
   • Administrative Templates
   • Windows Components
   • BitLocker Drive Encryption
3. On the right side, find “Choose drive encryption method and cipher strength (Windows 10 (Version 1511) and later)”. Double-click it.

4. A window opens. You have three choices:
   • Not Configured (this is the default) – BitLocker uses its standard settings
   • Enabled – you pick the encryption type yourself
   • Disabled – BitLocker uses AES with 128-bit or 256-bit strength

5. If you pick Enabled, use the dropdown menu under Options. Choose your encryption method for:

   • Operating system drives (your main drive)
   • Fixed data drives (regular storage)
   • Removable data drives (USB sticks)
6. Click OK to save. You may need to 🔄 restart your computer.

Method 2Use Registry Editor

If you’re comfortable making advanced changes, you can change your BitLocker encryption in Windows 11 by using the Registry Editor.

The Registry Editor is where Windows stores all its settings. Changing the wrong thing can cause problems. Be careful with this method.

1. Open the Windows Registry Editor. Search for “regedit” on your ⊞ Start menu.
2. Find this path in the left panel:
   
   HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE
3. Look at the right side. You should see three items with these names:

   • EncryptionMethodWithXtsOs
   • EncryptionMethodWithXtsFdv
   • EncryptionMethodWithXtsRdv
4. Double-click each one and change its value:

   • Enter 4 to use AES-CBC 256-bit encryption
   • Enter 7 to use XTS-AES 256-bit encryption

5. Don’t see these items? Right-click a blank area on the right side. Pick “New” and then “DWORD (32-bit) Value”. Create all three items if they’re missing, then enter the values above.
6. To go back to the default XTS-AES 128-bit encryption, delete all three items you created or changed.
7. Save your changes and 🔄 restart your computer.

Summary

Changing your BitLocker encryption in Windows 11 can make your data more secure, and you have two main ways to do it: the Group Policy Editor or the Registry Editor.

You have two ways to change this:

• Group Policy Editor – easier and safer for most people
• Registry Editor – more advanced, requires admin access

You can change encryption for your main drive, storage drives, and removable drives. Always 🔄 restart your computer after making changes. This lets Windows use the new encryption settings.

Stronger encryption takes a bit more computer power but keeps your data much safer.