Does BitLocker protect data at rest and/or in transit?

BitLocker protects data at rest — not in transit.

Data at rest (what BitLocker protects)

• Definition: Data stored on a physical drive (HDD, SSD, removable drive)

• Protection mechanism: Full disk encryption

• Scope:

  • Encrypts the entire drive
  • Prevents access if the drive is stolen, lost, or removed
  • Requires authentication (TPM, PIN, password) at boot

• Examples:

  • Laptop stolen → attacker cannot read files without the key
  • External drive lost → data remains encrypted

BitLocker does not protect data that are transfered/copied between applications or over networks.

BitLocker does not provide any data protection for a computer that is turned on and connected to networks.