Skip to main content

Troubleshooting Full Disk Encryption on Microsoft Surface devices

This section describes how to troubleshoot Full Disk Encryption on Microsoft Surface devices.

When Full Disk Encryption is enabled on Microsoft Surface devices, the users may be repeatedly prompted to enter a PIN to start the encryption process. In this case, the PIN is not saved and the drives are not encrypted.

To address this issue, enable BitLocker authentication for any devices that lacks keyboards in the preboot environment (such as tablets). Follow these steps to enable BitLocker in the Group Policy settings:

  1. Open the Search box and execute the gpedit.msc command. The Local Group Policy Editor window shows up.

  2. Go to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.

  3. Edit the setting Enable use of BitLocker authentication requiring preboot keyboard input on slates.

  4. Select Enabled, click Apply.

  5. Click OK.

Additional information about Full Disk Encryption is available here.