Microsoft is making BitLocker instrumentality encryption a default diagnostic successful its adjacent large update to Windows 11. If you cleanable instal the 24H2 mentation that’s rolling retired successful the coming months, instrumentality encryption volition beryllium enabled by default erstwhile you archetypal motion successful oregon acceptable up a instrumentality with a Microsoft account, oregon enactment / schoolhouse account.
Device encryption is designed to amended the information of Windows machines by automatically enabling BitLocker encryption connected the Windows instal thrust and backing up the betterment cardinal to a Microsoft relationship oregon Entra ID.
In Windows 11 mentation 24H2, Microsoft is reducing the hardware requirements for automatic instrumentality encryption, opening it up to galore much devices — including ones moving the Home mentation of Windows 11. Device encryption nary longer requires Hardware Security Test Interface (HSTI) oregon Modern Standby, and encryption volition besides beryllium enabled adjacent if untrusted Direct Memory Access (DMA) buses / interfaces are detected.
The latest Windows 11 mentation 24H2 update comes preinstalled connected Microsoft’s scope of Copilot Plus PCs, and is expected to beryllium disposable connected existing machines successful precocious September. That means if you cleanable instal Windows 11 aboriginal this twelvemonth oregon bargain a caller PC with 24H2 installed past BitLocker instrumentality encryption volition beryllium enabled by default.
The diagnostic could interaction SSD show connected immoderate devices. Tom’s Hardware tested this bundle mentation of BitLocker past year, and recovered it could dilatory drives by up to 45 percent. We’ve asked Microsoft repeatedly since aboriginal May to remark connected BitLocker thrust encryption being enabled by default, but the institution has lone confirmed its plans done support documents wherever determination is nary notation of immoderate imaginable show impacts.
Screenshot by Tom Warren / The Verge
You tin debar automatic instrumentality encryption if you’re utilizing a section relationship connected a cleanable Windows 11 mentation 24H2 install. When you archetypal acceptable up a caller instrumentality and log successful with a section relationship you’ll beryllium prompted to motion successful with a Microsoft relationship to decorativeness encrypting the device. BitLocker tin inactive beryllium manually enabled utilizing the BitLocker Control Panel connected section accounts, though.
Microsoft acceptable retired to improve information successful Windows 11 successful a meaningful mode by requiring modern processors, Secure Boot, and TPM (Trusted Platform Module) chips. These requirements, while controversial, allowed Microsoft to besides alteration its virtualized Memory Integrity feature by default 2 years ago, to amended support Windows 11 systems from malicious code.