Windows 11 to get BitLocker device encryption by default
Microsoft is set to make BitLocker device encryption a standard feature in its upcoming major update for Windows 11. This change will be implemented in the 24H2 version, which is scheduled for release in the coming months. Once users install this new version and sign in or configure a device using a Microsoft account, device encryption will be automatically activated.
A security boost for Windows devices
The primary function of device encryption is to enhance the security of Windows devices. This is achieved by automatically activating BitLocker encryption on the Windows installation drive, and securing the recovery key through a Microsoft account or Entra ID. With the introduction of Windows 11 version 24H2, Microsoft wants to lower hardware requirements for automatic device encryption, making it accessible to a wider range of devices.
Windows 11 Home version to support device encryption
The upcoming update will extend support for automatic device encryption to devices running the Home version of Windows 11. This change eliminates the need for Hardware Security Test Interface (HSTI) or Modern Standby. Additionally, encryption will now be activated even when untrusted direct memory access (DMA) buses/interfaces are detected, further enhancing security measures on a broader range of hardware configurations.
Version 24H2 pre-installed on new Microsoft PCs
The Windows 11 version 24H2 update will come pre-installed on Microsoft's range of Copilot Plus PCs and is expected to be available on existing machines by the end of September. This means that if users clean install Windows 11 later this year or purchase a new PC with 24H2 installed, BitLocker device encryption will be automatically enabled. However, if users simply upgrade to 24H2, Microsoft won't activate device encryption automatically.
BitLocker's impact on SSD performance
Despite its security benefits, BitLocker could potentially affect SSD performance on certain devices. According to a test by Tom's Hardware last year, the software version of BitLocker might slow drives by up to 45%. Microsoft has not yet commented on these potential performance impacts. Users can avoid automatic device encryption during a clean Windows 11 version 24H2 install by using a local account. They will then be prompted to sign in with a Microsoft account to complete the encryption process.