What’s New in BitLocker Disk Encryption on Windows 10

BitLocker Drive Encryption is a full disk encryption feature introduced by Microsoft first in Windows Vista but further developed in Windows 7, 8.1 and Windows 10 with enhanced features. It’s designed to protect data by providing encryption for entire disk volumes, with default in AES encryption algorithm with 128-bit or 256-bit key.

While the basic functions and usage remain the same through different versions, there are quite a few new improvements that make BitLocker on Windows 10 a more secure way to protect no only the whole system but the disks attached to it.

First of all, BitLocker in Windows 10 has been made to run less aggressive for its background conversion, so you are not experiencing the slow performance of the machine while the encryption is in progress. The new conversion mechanism, called Encrypt-on-Write, immediately guarantees the encryption of all writes to disk as soon as BitLocker is enabled on the OS or fixed partitions, regardless of whether the initial encryption process is completed or not.

This also explains why it takes longer to complete the initial encryption process than in Windows 7 or 8.1, and also why it doesn’t really matter. With this new improvements, you could safely start copying sensitive data to the disk as soon as BitLocker is enabled and the volume is in the encryption state. Note that removable drives work in the older mode for backward compatibility.

Secondly, the new encryption algorithm, XTS-AES, provides additional protection from a class of attacks on encryption that rely on manipulating cipher text to cause predictable changes in the plain text. It’s also FIPS-compliant which is a set of United States Government standards that provide a benchmark for implementing cryptographic software.

And there are a few more,

  • Bitlocker can be administered through various means such as BitLocker Wizard, Manage-BDE, Group Policy, MDM policy, Windows PowerShell, or WMI to manage it on devices
  • Integration with Azure Active Directory for easier online Bitlocker key recovery.
  • DMA port protection using MDM policies to block the DMA ports and secure the device during its startup.
  • BitLocker Network Unlock
  • Support for Encrypted Hard Drive for faster encryption time.
  • Support for classes of HDD/SSD hybrid disks (small SSD used as a non-volatile cache in front of slower spinning HDD, known as Intel RST technology).

/via Ask the Core Team/