With Windows 11, BitLocker device encryption is enabled by default by Microsoft.

Windows 11 version 24H2 clean installs now have BitLocker device encryption enabled.

Microsoft is set to make BitLocker device encryption a standard feature in the upcoming major update for Windows 11. When users perform a clean installation of the 24H2 version, which will be released in the coming months, device encryption will be automatically activated upon the initial sign-in or setup with a Microsoft or work/school account.

The purpose of device encryption is to enhance the security of Windows systems by automatically activating BitLocker encryption on the primary Windows installation drive and securely backing up the recovery key to a Microsoft account or Entra ID.

In the 24H2 version of Windows 11, Microsoft is lowering the hardware requirements for automatic device encryption, thereby making it accessible to a wider range of devices, including those operating on the Home edition of Windows 11. The requirement for Hardware Security Test Interface (HSTI) and Modern Standby has been removed, and encryption will be enabled even if untrusted direct memory access (DMA) buses or interfaces are present.

The new Windows 11 version 24H2 update will come preinstalled on Microsoft’s Copilot Plus PCs and is anticipated to be available for existing devices by late September. This means that if you perform a clean installation of Windows 11 later this year or purchase a new PC with the 24H2 version, BitLocker device encryption will be enabled by default. However, if you simply upgrade to 24H2, Microsoft will not automatically activate device encryption.

It is important to note that this feature may affect SSD performance on certain devices. Testing conducted by Tom’s Hardware last year indicated that this software version of BitLocker could reduce drive speeds by as much as 45 percent. Despite multiple requests for comment from Microsoft regarding the default activation of BitLocker device encryption since early May, the company has only acknowledged its plans through support documents, which do not address any potential performance concerns.

Users can opt out of automatic device encryption if they choose to set up a local account during a clean installation of Windows 11 version 24H2. When configuring a new machine and logging in with a local account, users will be prompted to sign in with a Microsoft account.

Thank you for reading this post, don't forget to follow my whatsapp channel


Discover more from TechKelly

Subscribe to get the latest posts sent to your email.

Comments are closed.

Discover more from TechKelly

Subscribe now to keep reading and get access to the full archive.

Continue reading