BitLocker uses Advanced Encryption Standard (AES) as its encryption algorithm with configurable key lengths of 128 or 256 bits. On Windows 10 or later devices, the AES encryption supports cipher block chaining (CBC) or ciphertext stealing (XTS). If you need to use a removable drive on devices that don't run Windows 10, use AES-CBC.

For more information on how to create this policy with Windows PowerShell, see New-CMBLEncryptionMethodWithXts.

General usage notes for drive encryption and cipher strength

If you disable or don't configure these settings, BitLocker uses the default encryption method. Configuration Manager applies these settings when you turn on BitLocker. If the drive is already encrypted, or encryption is in progress, any change to these policy settings doesn't change the drive encryption on the device.
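Because a policy change does not touch a drive that is already encrypted or is being encrypted, the cipher actually in use can differ from the cipher the policy now asks for. The following audit is an added example, not part of the original documentation: `Get-BitLockerMethodDrift` is a hypothetical helper name, the allowed-cipher table is an assumed policy, and the sample volumes are constructed to mimic `Get-BitLockerVolume` output.

```powershell
# Added example: compare each volume's actual BitLocker cipher with the
# cipher the current policy is supposed to produce.
function Get-BitLockerMethodDrift {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume,
        # Assumed policy, not from the page: XTS-AES 256 for OS and data drives,
        # plus AES-CBC 256 (reported as 'Aes256') on data drives, because
        # Get-BitLockerVolume reports removable drives as VolumeType 'Data'.
        [hashtable] $Allowed = @{
            OperatingSystem = @('XtsAes256')
            Data            = @('XtsAes256', 'Aes256')
        }
    )
    process {
        $type   = [string]$Volume.VolumeType
        $status = [string]$Volume.VolumeStatus
        $actual = [string]$Volume.EncryptionMethod

        if ($status -eq 'FullyDecrypted')          { $finding = 'NotEncrypted' }
        elseif ($Allowed[$type] -contains $actual) { $finding = 'Compliant' }
        else                                       { $finding = 'Drift' }

        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            VolumeType = $type
            Status     = $status
            Actual     = $actual
            Allowed    = ($Allowed[$type] -join ', ')
            Finding    = $finding
        }
    }
}

# Constructed sample objects shaped like Get-BitLockerVolume output.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeType = 'OperatingSystem'; VolumeStatus = 'FullyEncrypted';       EncryptionMethod = 'Aes128' }
    [pscustomobject]@{ MountPoint = 'D:'; VolumeType = 'Data';            VolumeStatus = 'EncryptionInProgress'; EncryptionMethod = 'XtsAes256' }
    [pscustomobject]@{ MountPoint = 'E:'; VolumeType = 'Data';            VolumeStatus = 'FullyEncrypted';       EncryptionMethod = 'Aes256' }
    [pscustomobject]@{ MountPoint = 'F:'; VolumeType = 'Data';            VolumeStatus = 'FullyDecrypted';       EncryptionMethod = 'None' }
)
$sample | Get-BitLockerMethodDrift | Format-Table -AutoSize

# On a managed device, from an elevated session:
#   Get-BitLockerVolume | Get-BitLockerMethodDrift | Where-Object Finding -ne 'Compliant'
```

A `Drift` finding on a fully encrypted volume is the case the usage notes describe: the drive was encrypted before the policy setting changed and still uses the earlier cipher.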