BitLocker Won’t Enable ❓ How to Switch from Legacy BIOS to UEFI for Full Compatibility

1 – Introduction

BitLocker is a powerful encryption tool for securing Windows systems, but it requires UEFI firmware with a GPT partition style for full functionality, especially when using TPM. If your machine is running in Legacy BIOS mode with an MBR disk, BitLocker activation may fail due to incompatible system requirements. This article explains why this happens and how to resolve the issue by converting your system from Legacy BIOS to UEFI.

2 – Why Does BitLocker Require UEFI?

BitLocker leverages TPM (Trusted Platform Module) to provide secure encryption key storage. However, TPM-based protection requires UEFI firmware and a GPT-formatted disk. Machines using Legacy BIOS mode operate with MBR partitioning, which lacks the necessary Secure Boot and UEFI-based security mechanisms required by BitLocker.

3 – Symptoms of the Issue

  • BitLocker fails to activate with an error indicating “This device cannot use a Trusted Platform Module” or “incompatible configuration”.
  • The TPM is detected but not utilized correctly.
  • The BitLocker wizard requires additional authentication methods such as a startup key or PIN.

4 – How to Convert from Legacy BIOS to UEFI and Enable BitLocker

Step 1: Verify Your Current BIOS Mode and Disk Type

  1. Open Command Prompt as Administrator.
  2. Check the BIOS mode (if “BIOS Mode” is Legacy, you need to convert to UEFI):
msinfo32

Step 2: Convert MBR to GPT

  • Open Command Prompt as Administrator.
  • Validate the conversion readiness:
mbr2gpt /validate /allowFullOS
  • Perform the conversion:
mbr2gpt /convert /allowFullOS

Step 3: Configure BIOS Settings

  • Restart the machine and enter BIOS (typically F2, DEL, or F10).
  • Change the Boot Mode from Legacy to UEFI.
  • Enable Secure Boot (if required for compliance).
  • Save changes and restart the system.

Step 4: Repair Boot Loader (If Necessary)

If Windows fails to boot after conversion:

  • Boot using a Windows installation USB.
  • Open Command Prompt (Shift + F10).
  • Run the following commands:
diskpart
list disk
rem Select the correct disk
sel disk 0
list vol
rem Select the EFI partition (usually 100-500MB); replace X with its volume number
sel vol X
assign letter=Z
exit
  • Rebuild the boot configuration:
bcdboot C:\Windows /s Z: /f UEFI
  • Restart the system.

Step 5: Enable BitLocker

  1. Open Control Panel > BitLocker Drive Encryption.
  2. Click Turn on BitLocker and follow the setup process.
  3. Ensure TPM is enabled in BIOS if necessary.
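
As an added example (not part of the original article), the PowerShell function below gathers the Step 1 checks and the outcome of Step 5 into one report, so it can be run before the conversion and again afterwards. The function name Get-BitLockerReadiness is an assumption for illustration; the cmdlets it calls are standard Windows ones and need an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article. Get-BitLockerReadiness is a hypothetical
# name; every cmdlet it calls ships with Windows 10/11.
function Get-BitLockerReadiness {
    # BiosFirmwareType is 'Uefi' or 'Bios' (the same fact msinfo32 shows as "BIOS Mode").
    $firmware = "$((Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType)"

    # Disk that holds the system partition, i.e. the one mbr2gpt would convert.
    $disk  = Get-Disk | Where-Object IsSystem | Select-Object -First 1
    $style = "$($disk.PartitionStyle)"          # 'MBR' or 'GPT'

    # Confirm-SecureBootUEFI throws on Legacy BIOS, so an error is reported as "off".
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    $tpm = Get-Tpm

    # After Step 5: which key protectors actually guard the OS volume.
    $blv = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    $protectors = @($blv.KeyProtector | Where-Object { $_ } |
                    ForEach-Object { "$($_.KeyProtectorType)" })

    [pscustomobject]@{
        FirmwareType     = $firmware
        SystemDisk       = $disk.Number
        PartitionStyle   = $style
        SecureBoot       = $secureBoot
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        NeedsConversion  = ($firmware -ne 'Uefi') -or ($style -ne 'GPT')
        ProtectionStatus = "$($blv.ProtectionStatus)"
        KeyProtectors    = $protectors -join ', '
        HasRecoveryKey   = $protectors -contains 'RecoveryPassword'
    }
}

$report = Get-BitLockerReadiness
$report | Format-List

if ($report.NeedsConversion) {
    Write-Warning 'Legacy BIOS or MBR detected: run Steps 2 and 3 before enabling BitLocker.'
} elseif (-not $report.TpmReady) {
    Write-Warning 'UEFI/GPT is in place but the TPM is not ready: enable it in firmware setup.'
} elseif ($report.ProtectionStatus -eq 'On' -and -not $report.HasRecoveryKey) {
    Write-Warning 'BitLocker is on but no recovery password protector exists for this volume.'
}
```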

5 – Conclusion

Converting from Legacy BIOS to UEFI ensures compatibility with modern security features, including BitLocker encryption. By following these steps, you can successfully enable BitLocker and enhance your system’s security posture.

Have you faced challenges with BitLocker activation due to Legacy BIOS?

Share your experience in the comments!

Thanks

Aymen EL JAZIRI (Microsoft MVP)