How to suspend BitLocker encryption to perform system changes on Windows 10

How-to
By published

Are you using BitLocker encryption? Before trying to update Windows 10, firmware, and hardware, use these steps to avoid issues.

Suspend BitLocker
(Image credit: Future)
Jump to:

On Windows 10, BitLocker is a security feature that allows you to encrypt the entire system drive (and external storage) to protect your documents, pictures, music, videos, and other files from unauthorized access if your device gets stolen or lost.

Although BitLocker Drive Encryption is a useful feature (especially for mobile devices, such as laptops and tablets), it has a drawback. If you enable encryption on a system drive, during a Unified Extensible Firmware Interface (UEFI) or Basic Input/Output System (BIOS) updates, during hardware change, or while upgrading to a new version of the operating system, you may run into issues, such as having to enter a recovery key during startup, because BitLocker will think that the device is being tampered with.

However, you can prevent encryption problems by suspending BitLocker on a system drive to perform firmware, hardware, or Windows 10 updates in at least three different ways, using Control Panel, PowerShell, and Command Prompt.

This guide will walk you through the steps to suspend (and resume) BitLocker on your device to prevent issues during system modifications on Windows 10.

How to suspend BitLocker from Control Panel

To suspend BitLocker using Control Panel on Windows 10, use these steps:

  1. Open Control Panel.
  2. Click on System and Security.
  3. Click on BitLocker Drive Encryption.

(Image credit: Future)
  1. Click the Suspend protection option.

(Image credit: Future)
  1. Click the Yes button.

Once you complete these steps, the BitLocker protection will be temporarily disabled without decrypting your data to perform firmware and system updates without problems.

Using suspension doesn't decrypt the data. Instead, the option makes the BitLocker key available to anyone in clear text, and additional data you create will still be encrypted on the drive. Once you're done making system changes, you can always resume encryption to keep your files protected.

Resume BitLocker protection

To resume the BitLocker protection on your device, use these steps:

  1. Open Control Panel.
  2. Click on System and Security.
  3. Click on BitLocker Drive Encryption.

(Image credit: Future)
  1. Click the Resume protection option.

(Image credit: Future)

Alternatively, restarting your computer will also resume the BitLocker protection automatically.

How to suspend BitLocker from PowerShell

If you feel comfortable using commands, or you're building an automated script, you can use PowerShell to suspend BitLocker on Windows 10 with these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to suspend BitLocker and press Enter: Suspend-BitLocker -MountPoint "C:" -RebootCount 0

In the command, the -RebootCount allows you to determine how many times your computer can restart before BitLocker re-enables automatically. You can use values 0 through 15, while zero suspends BitLocker until you resume the protection manually.

(Image credit: Future)

After you complete the steps, Windows 10 will disable BitLocker indefinitely unless you specify the reboot count option, in which case, the protection will re-enable automatically after the number of restarts that you chose.

Resume BitLocker

After applying a new firmware update or a version of Windows 10, you can resume BitLocker at any time with PowerShell using these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to resume BitLocker and press Enter: Resume-BitLocker -MountPoint "C:"

(Image credit: Future)

After you complete the steps, the encryption protection feature will enable on your device.

How to suspend BitLocker from Command Prompt

You can also use Command Prompt to disable BitLocker on Windows 10 temporarily using these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to identify the drive you want to suspend BitLocker and press Enter: Manage-bde -protectors -Disable C: -RebootCount 0

In the command, the -RebootCount allows you to specify how many times your computer can restart before BitLocker re-enables automatically. You can use values 0 through 15, while zero suspends BitLocker until you resume the protection manually.

(Image credit: Future)

Once you complete these steps, your computer will temporarily stay without encryption protection to perform system changes.

Resume BitLocker

After applying the system changes, you can re-enable the BitLocker protection with Command Prompt using these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to resume BitLocker and press Enter: Manage-bde -Protectors -Enable C:

(Image credit: Future)

After you complete the steps, BitLocker will resume keeping the system drive fully encrypted.

While we're showing you multiple ways to suspend BitLocker on Windows 10, the command options using PowerShell and Command Prompt are the only methods that let you pause encryption indefinitely.

More resources

For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources:

Windows 11 Logo Se
Windows 11

Mauro Huculak
Mauro Huculak

Mauro Huculak has been a Windows How-To Expert contributor for WindowsCentral.com for nearly a decade and has over 15 years of experience writing comprehensive guides. He also has an IT background and has achieved different professional certifications from Microsoft, Cisco, VMware, and CompTIA. He has been recognized as a Microsoft MVP for many years.

Read more
Convert MBR to GPT on Windows 10
How to convert MBR to GPT drive to switch BIOS to UEFI on Windows 10
Windows 11 powercfg commands
How to use powercfg to control power settings on Windows 10 and 11
Surface Laptop Studio 2 photos
How to transfer your Windows 11 setup to a new hard drive — no extra app required
Binary code displayed on a laptop screen and Guy Fawkes mask are seen in this illustration photo.
Microsoft blocks critical Secure Boot loophole after over 7 months — fortifying Windows 11 against sophisticated firmware attacks camouflaged as verified UEFI apps
Windows 11 setup on unsupported PC
How to upgrade an unsupported computer to Windows 11
Windows 11 set shutdown time
How to shut your PC down at a specific time on Windows 11 and 10
Latest in Windows 10
Windows 10 Find My Device
How to enable Find My Device on Windows 10 to recover your PC if it's ever lost or stolen
Outlook Client Hero
Microsoft just made Windows 10 worse, and there's (almost) nothing you can do about it
Windows 10 Start menu on HP ZBook Studio G4
Microsoft will retroactively downgrade this part of Windows 10 next month
Former Microsoft Executive Vice President Terry Myerson stands in front of a presentation about Windows 10
Microsoft addresses the 'elephant in the room,' discusses upcoming end of Windows 10 support
Surface Hub 2S
Windows 10 for PCs is not the only version of Windows to reach end of support this year
Windows Insider program settings
Microsoft shuts down the Windows 10 Beta Channel just five months after reopening it
Latest in How-to
The First Berserker: Khazan
Is The First Berserker: Khazan on Xbox Game Pass?
Clair Obscur: Expedition 33
Is Clair Obscur: Expedition 33 on Xbox Game Pass?
A close-up of Hazel in South of Midnight
Is South of Midnight on Xbox Game Pass?
Atomfall screenshot
Atomfall: How to grab the best melee weapon and melee perk right away
Atomfall District B
Atomfall: How to open District B, get inside the Robot Facility, and grab the Signal Redirector
Atomfall District A photo
Atomfall: How to open District A and get inside the Medical Facility