On Windows 11 (or 10), if you turn on Device Encryption, the system may be stuck with the “Device encryption is temporarily suspended. Encryption will resume automatically the next time you restart this device” message after rebooting the computer.
Although encryption will resume automatically in some situations, this is not always the case. If, after several reboots, File Explorer still shows the drive with a lock and the Settings app still displays the same message, there are a few troubleshooting steps you can take to resume encryption on your device.
In this guide, I will explain the different ways to fix the issue that prevents encryption from running correctly on Windows 11 as well as on Windows 10.
Fix device encryption temporarily suspended error on Windows
These four methods can help you fix encryption on Windows 11 (or 10).
Method 1: Wait and restart
If Device Encryption isn’t fully enabled and you’re just enabling the feature, it’s important to note that the encryption process can take some time, depending on the data stored on the drive, meaning that in some situations, you may have to wait until the drive is fully encrypted.
Method 2: Remove physical media
If it’s been some time, and the “Device Encryption” settings still show the “Device encryption is temporarily suspended. Encryption will resume automatically the next time you restart this device” message, then it’s likely that you have a storage drive connected to your computer that cannot use encryption. For example, if you mount an ISO file to a virtual drive on File Explorer or have a CD, DVD, or Blu-Ray drive with physical media, the encryption may not work during the initial process.
In this case, ensure to unmount the ISO from File Explorer and that the media device doesn’t have any physical media (if applicable). You can quicky unmount or open the disc tray by right-clicking the drive in File Explorer and choosing the “Eject” option.
Once you unmount the ISO file or remove the physical media from the drive, restart the computer, and encryption should resume normally.
Method 3: Enable encryption command
If you’re still dealing with the same issue, open Command Prompt (admin), run the manage-bde -protectors -enable C:
command and restart the computer. You can now check if Windows 11 encryption is running correctly on Settings > Privacy & security > Device encryption. On Windows 10, open Settings > Update & Security > Device Encryption.
Method 4: Clear TPM
If the command doesn’t work, you can clear the Trusted Platform Module (TPM) on your computer as a last resort. However, clearing this information from the chip will require you to reconfigure your login PIN and the BitLocker recovery key to start the device, but since the problem is that you can enable encryption, you may not see this screen.
Open Start, search for tpm.msc, open the TPM manager, click the “Clear TPM” button, and click the Restart button. Upon restart, open Command Prompt (admin) and run the Add-BitLockerKeyProtector -MountPoint "C:" -TpmProtector
command to enable encryption and then run the manage-bde -status
command to confirm that the feature is enabled.
After you complete the troubleshooting steps, Device Encryption should now be working properly.
BitLocker vs. Device Encryption
The main difference between BitLocker and Device Encryption is that BitLocker is only available in the Pro and higher editions of Windows 11 and offers additional management options.
Device Encryption is a limited version of BitLocker that encrypts everything on the computer running Windows 11 Home, but the option is available in the Pro edition starting with version 24H2.
Also, starting on Windows 11 24H2, new installations will enable encryption automatically as part of the process. If you’re upgrading the operating system and don’t have encryption enabled yet, the feature won’t be tuned automatically.
What method worked in your installation? Let me know in the comments below.
Source link