Enable BitLocker Drive Encryption in Control Panel or PowerShell

1. Start gpedit.msc
2. Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operatin System Drives
3. Enable following Settings
   1. Require additional authentication at startup
   2. Allow enhanced PINs for startup (OPTIONAL)
   3. Configure minimum PIN legnt for startup (OPTIONAL)

Configure pre-boot PIN in PowerShell

manage-bde -protectors -add c: -TPMAndPIN
manage-bde -status