Like many of you, I use USB key drives all the time to move data around from device-to-device or to share data with a colleague. I also use Bit Locker to Go on those drives, especially if they are going to be out of my hands (think UPS or FedEx) to that colleague. As you may know, BitLocker is a file encryption system which allow you to protect your files by encrypting the drive those files reside on. That can be your entire hard disk in your PC, an external disk or a USB drive. So long as you have a Windows 7 or 8 Pro or Enterprise, it can be opened and read just like any other drive.
Paul Thurrott has an excellent overview of Bit Locker on WinSuperSite that I highly recommend reading.
Until today I just assumed that Windows 8.1 with Bing, the low cost version of Windows 8.1 for budget friendly tablets and laptops, could not deal with BitLocker encrypted drives. I figured out however that actually BitLocker and Windows 8.1 with Bing can indeed work together.
For the sake of this article I’m not going to distinguish between BitLocker and BitLocker to Go. The later is fundamentally the same thing as the former, only for portable drives like USB keys.
So let me lay out the basics: In order to use BitLocker you have to have a Windows device that is running Windows 7 or 8 Professional version at a minimum. On these version of Windows, in Control Panel you have the ability to enable BitLocker on your drives in your PC and external drives. Nothing new to report here and again, read Paul Thurrott’s article above for some of these basics.
When it comes to BitLocker and Windows 8.1 with Bing, you do have some BitLocker functionality which, as best I can tell in hours of research on this, seems to be completely undocumented. If it is documented somewhere, send me a link. I haven’t found this particular needle in the Interweb haystack.
If you have a BitLocker encrypted USB key and you connect to your Windows 8.1 with Bing powered device, you will be prompted to unlock that drive to access it. Once you do, you have full read/write access to it. In other words, this isn’t the BitLocker to Go Reader which allows you to read files but not interact with them on a drive.
Here then is my scenario and how I got this working.
First, I purchased a MicroUSB to USB On-The-Go cable on Amazon. It was $6.99 for two of them so not a massive investment. My idea was to simply test things on my Toshiba Encore 2 Windows tablet like a mouse and USB drives (once a geek, always a geek).
Second, I connected up the cable to my tablet then plugged in a BitLocker encrypted USB drive that I had created on my Windows
8.1 PC. Once it was plugged in I was immediately told by Windows it was a BitLocker drive and when I tapped on this notification, I was prompted to enter the password for the drive.
This was not the behavior I was expecting. I assumed that Windows 8.1 with Bing would simply error out and not let me access the drive. Once I entered my password, not only could I read the drive but I could create files, folders and everything you would expect to do with full read/write access.
So why isn’t this documented anywhere on Microsoft’s website or other places? Great question. I have a hard time believing I’m the first to figure this out but I’ve not found any references to it. That said, I think that it is partly due to the limitations of Windows 8.1 with Bing when it comes to BitLocker. For example, you cannot encrypt a drive from this version of Windows. If I connect a non-BitLocker encrypted USB key to my tablet and then right-click it in File Explorer, I do not see an
option to enable BitLocker on it. Further, there is no BitLocker option in Control Panel under System and Security like there is in Windows 8.1 Professional.
What this means then, as best I can tell, is that you can read a BitLocker encrypted drive in Windows 8.1 with Bing but you cannot create a BitLocker encrypted drive.
Initially I thought this may have to do with the TPM (Trusted Platform Module) that is built into my particular tablet but is in virtually all of them at this point (along with most PCs). I’ve not entirely ruled that out but generally the TPM comes into play when you want to encrypt the boot drive of a device. Most tablets, because they have TPM, automatically encrypt the main flash drive of the device by default. This however is not referred to as BitLocker although it is effectively the same thing.
So give this a go and see what you find on your particular tablet using BitLocker and Windows 8.1 with Bing.