Summarize

Simplifying... Inshort

Microsoft is set to enhance security on Windows 11 by automatically activating BitLocker device encryption, even on Home versions.
This update, expected by September end, will come pre-installed on new PCs and can be added to existing ones, though it won't auto-activate on upgrades.
However, users should note that BitLocker could potentially slow SSD performance by up to 45%.

Was a long read? Making it simpler...

Next Article

This change applies to users setting up a new device with a Microsoft account

Windows 11 to get BitLocker device encryption by default

By Dwaipayan Roy

Aug 14, 2024

06:21 pm

What's the story

Microsoft is set to make BitLocker device encryption a standard feature, in its upcoming major update for Windows 11. This change will be implemented in the 24H2 version, which is scheduled for release in the coming months. Once users install this new version and sign in or configure a device using a Microsoft account, device encryption will be automatically activated.

Enhanced security

A security boost for Windows devices

The primary function of device encryption is to enhance the security of Windows devices. This is achieved by automatically activating BitLocker encryption on the Windows installation drive, and securing the recovery key through a Microsoft account or Entra ID. With the introduction of Windows 11 version 24H2, Microsoft wants to lower hardware requirements for automatic device encryption, making it accessible to a wider range of devices.

Expanded access

Windows 11 Home version to support device encryption

The upcoming update will extend support for automatic device encryption to devices running the Home version of Windows 11. This change eliminates the need for Hardware Security Test Interface (HSTI) or Modern Standby. Additionally, encryption will now be activated even when untrusted direct memory access (DMA) buses/interfaces are detected, further enhancing security measures on a broader range of hardware configurations.

Product integration

Version 24H2 pre-installed on new Microsoft PCs

The Windows 11 version 24H2 update will come pre-installed on Microsoft's range of Copilot Plus PCs, and is expected to be available on existing machines by the end of September. This means that if users clean install the Windows 11 later this year or purchase a new PC with 24H2 installed, BitLocker device encryption will be automatically enabled. However, if users simply upgrade to 24H2, Microsoft won't activate device encryption automatically.

Performance concerns

BitLocker's impact on SSD performance

Despite its security benefits, BitLocker could potentially affect SSD performance on certain devices. According to a test by Tom's Hardware last year, this software version of BitLocker might slow drives by up to 45%. Microsoft has not yet commented on these potential performance impacts. Users can avoid the automatic device encryption during a clean Windows 11 version 24H2 install, by using a local account. They will then be prompted to sign in with a Microsoft account to complete encryption process.