BitLocker is Microsoft’s proprietary encryption software for Windows that can encrypt disk partitions or volumes as well as help protect against unauthorized changes to your system such as firmware-level malware. Having BitLocker integrated with the operating system addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker provides protection for “data at rest” but does not protect data resident in memory, in transit through the computer bus, or moving through the network.
BitLocker requires TPM hardware to provide secure encryption key management or, in the case of desktop and laptop devices, can use an external USB drive instead.
BitLocker offers the option to lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable device, such as a USB flash drive, that contains a startup key. These additional security measures provide multifactor authentication and assurance that the computer will not start or resume from hibernation until the correct PIN or startup key is presented.
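To check which of the startup options described above a machine actually uses, the following added example (not Microsoft's code) classifies operating system volumes by their key protectors. `Get-StartupAuthLevel` is a hypothetical helper and the sample volumes are constructed; the property names and protector type values are those returned by the real `Get-BitLockerVolume` cmdlet.

```powershell
# Added example. Get-StartupAuthLevel is a hypothetical helper, not a built-in cmdlet.
function Get-StartupAuthLevel {
    param([Parameter(Mandatory)] $Volume)

    # Protector type names as reported in the KeyProtector property.
    $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

    # Heuristic: Tpm is tested before ExternalKey because an ExternalKey that
    # sits next to a TPM protector may be a recovery key, not a startup key.
    if ("$($Volume.ProtectionStatus)" -ne 'On') { $level = 'Protection off' }
    elseif ($types -contains 'TpmPinStartupKey') { $level = 'TPM + PIN + startup key' }
    elseif ($types -contains 'TpmPin')           { $level = 'TPM + PIN' }
    elseif ($types -contains 'TpmStartupKey')    { $level = 'TPM + startup key' }
    elseif ($types -contains 'Tpm')              { $level = 'TPM only (no prompt at startup)' }
    elseif ($types -contains 'ExternalKey')      { $level = 'Startup key on USB drive, no TPM' }
    else                                         { $level = 'No startup protector found' }

    [pscustomobject]@{
        MountPoint  = $Volume.MountPoint
        StartupAuth = $level
        Protectors  = $types -join ', '
    }
}

# Constructed sample shaped like Get-BitLockerVolume output, so the script
# also runs on a machine without BitLocker.
$sample = @(
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeType = 'OperatingSystem'; ProtectionStatus = 'On'
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'Tpm' },
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' })
    },
    [pscustomobject]@{
        MountPoint = 'D:'; VolumeType = 'OperatingSystem'; ProtectionStatus = 'On'
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'TpmPin' },
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' })
    }
)

# For live data, replace $sample with (Get-BitLockerVolume) in an elevated session.
$sample |
    Where-Object { "$($_.VolumeType)" -eq 'OperatingSystem' } |
    ForEach-Object { Get-StartupAuthLevel -Volume $_ } |
    Format-Table -AutoSize
```

A volume reported as TPM only unlocks without user input at boot, so it does not give the multifactor assurance that the PIN or startup key options provide.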