Best whole disk encryption for Windows

Overall Satisfaction with BitLocker Drive Encryption

We use it across our whole organization to encrypt all internal drives on our employees' computers. The main problem it addresses is stolen or forgotten computers. With BitLocker we don't have to worry about credentials or confidential information getting stolen when a computer is stolen or forgotten somewhere. It also saves us some work, as we don't have to reset all the credentials and access of the user when this occurs. In addition, it gives our users peace of mind if they have to leave their computer in a car or in a hotel room for a day. And finally, with whole drive encryption, you don't have to count on your users to put the sensitive information in the encrypted container.
  • Practically no impact on read performance and low impact on write performance compared to others.
  • Integrated into Windows/no additional cost
  • Easy deployment
  • Whole drive encryption
  • Uses hardware chip to offer better security
  • Even if it's the best we tested, I think write performance could be improved. Maybe with dedicated hardware inside the TPM?
  • No integration with the OS password is a shame, as most others have it, and it is Microsoft on Microsoft, so they can probably do it better and safer than anyone else.
  • I wish they would support multiple passwords like FileVault on macOS. If it's a shared computer, you have to give the only BitLocker password to both users.
  • It allowed us to move to whole drive encryption without much effort
  • Integrated in Windows Enterprise, so free
  • With the right recovery key, it is really easy for IT to recover the data, back up or reset the user's password.
Most other whole drive encryption tools are really not that easy to manage and come with a big performance [impact] when compared to BitLocker. Also, a lot of them don't use the TPM, which in my opinion gives you better protection.

As for TrueCrypt, which was what we were using before, it is not whole drive encryption, and because of that you have to count on your users to manage sensitive data correctly, and you are bound to have at least one user put sensitive data on a non-encrypted partition.

Self-encrypting disks are expensive and hard to manage but will give you practically no performance [issues]. If performance is what you need at any cost this is probably the solution.
BitLocker is perfect if you want peace of mind. It's whole disk encryption and easy to manage. It doesn't do fancy stuff, like MFA or multi-users, but it does what it does really well and will not cause you problems as long as you manage the recovery keys correctly.

The only scenario I would not recommend BitLocker for is shared computers, like a meeting room's shared audio/video setup, as you have to share the BitLocker password for this to occur. BitLocker doesn't allow more than 1 password.