Microsoft is set to automatically encrypt all Windows 11 computers with BitLocker! Here is what you need to know!
Microsoft to auto encrypt all Windows 11 devices with BitLocker!
Microsoft is set to automatically encrypt all computers with BitLocker device encryption, in the next major update of Windows 11.
Microsoft began making BitLocker device encryption enabled by default on new PCs with the Windows 11 23H2 update. That will be expanded to include clean installs of Windows 11, and Microsoft is also reducing the hardware requirements for automatic device encryption.
Starting with Windows 11 24H2, BitLocker encryption will be open to PCs running the Home edition, and it will no longer require features like Hardware Security Test Interface (HSTI), or Modern Standby. BitLocker encryption will also be enabled even if untrusted direct memory access (DMA) buses / interfaces are detected.
In short – if you buy a new Windows 11 PC, which comes with version 24H2 installed, or you do a clean installation of Windows 11 version 24H2 when it is made available in late September 2024 (or so), device encryption will be enabled by default.
Recommended : Microsoft / CrowdStrike: Who is responsible for global IT outage?
Automatic BitLocker encryption in Windows 11 : Good or bad?
BitLocker isn’t a new feature – Microsoft introduced it in Windows Vista in 2004. But like Windows Vista, it was rather terrible at that time – slow and buggy, and could only encrypt the system partition.
But it has come a long way since then, and now, many people choose to use BitLocker to securely protect their data. Encrypting a drive, or drive partition, with BitLocker ensures that even if someone steals the drive, they cannot access the encrypted data.
That said, encrypting data using BitLocker has some computational cost, which can be significant for older PCs. Newer processors support hardware acceleration for the AES algorithm that BitLocker uses, so any performance deterioration is greatly reduced.
While Tom’s Hardware says BitLocker can reduce SSD performance by up to 45% for certain workloads, but that is frankly not a big concern for most users, who cannot “feel” the difference on SSDs that are already super fast these days.
After all, Android and iOS smartphones and tablets have long implemented device encryption using slower processors and slower eMMC / UFS flash storage, and no one complained, right? Unless you are comparing an encrypted device with one that isn’t, you can’t tell the difference.
The biggest concern is, arguably, the danger of losing all of your data if you get locked out (by a Windows 11 bug, for example), and lose your BitLocker recovery key.
Recommended : Will Microsoft Disable Your Computer If You Share Fake News?!
Windows saves the BitLocker recovery key in your Microsoft account, so you can retrieve it if you ever get locked out for any reason. That solves the problem for people who sign up for, or log into, their Microsoft account when they setup a new Windows 11 PC.
However, those who choose to use a local account will have to either print the recovery key, or save it to a USB drive, which could get lost. That could explain why Microsoft is so adamant about getting people to register for, and sign into, a Microsoft account when you setup a new Windows 11 PC.
Of course, you can always prevent the loss of important data even in that rare circumstance, by regularly backing up your data. That’s good practice even if you prefer to leave your computer unencrypted.
But here’s the good news for those who insist on not encrypting their computers – you can avoid automatic BitLocker device encryption by using a local account. When you set up Windows 11 to use a local account for the first time, you will be asked to log into a Microsoft account to encrypt the machine. If you skip that, your Windows 11 computer will remain unencrypted.
Techies can also disrupt the automatic device encryption during the Windows 11 installation wizard by using the Command Prompt (Shift + F10) and using the Registry to change the BitLocker “PreventDeviceEncryption” key to 1.
Of course, even after your machine is encrypted, you can also manually disable BitLocker device encryption in Settings under Privacy & Security -> Device encryption.
But if you ask me – it’s time to get on with the rest of the world, and encrypt your Windows 11 systems. There is really no reason to leave your data unencrypted, even if you have “nothing to hide”.
Please Support My Work!
Support my work through a bank transfer / PayPal / credit card!
Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp
Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.
He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.
Recommended Reading
- X insiders deny DDOS attack during Musk-Trump interview!
- Avanade study: Familiarity reduces workplace fears of AI!
- Donald Trump Crypto Giveaway Scam Alert!
- Is WEF plotting grid outage to reset America before election?!
- Elon Musk Bitcoin + Ethereum Giveaway Scam Alert!
Go Back To > Software | Cybersecurity | Tech ARP
Support Tech ARP!
Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!