Microsoft is making BitLocker system encryption a default function in its subsequent main replace to Home windows 11. When you clear set up the 24H2 model that’s rolling out within the coming months, system encryption might be enabled by default whenever you first register or arrange a tool with a Microsoft account or work / faculty account.
Machine encryption is designed to enhance the safety of Home windows machines by robotically enabling BitLocker encryption on the Home windows set up drive and backing up the restoration key to a Microsoft account or Entra ID.
In Home windows 11 model 24H2, Microsoft is lowering the {hardware} necessities for computerized system encryption, opening it as much as many extra units — together with ones working the Dwelling model of Home windows 11. Machine encryption now not requires {Hardware} Safety Check Interface (HSTI) or Fashionable Standby, and encryption can even be enabled even when untrusted direct reminiscence entry (DMA) buses / interfaces are detected.
The most recent Home windows 11 model 24H2 replace comes preinstalled on Microsoft’s vary of Copilot Plus PCs and is predicted to be accessible on present machines in late September. Which means in case you clear set up Home windows 11 later this 12 months or purchase a brand new PC with 24H2 put in, BitLocker system encryption might be enabled by default. When you simply improve to 24H2, Microsoft received’t allow system encryption robotically.
The function may impression SSD efficiency on some units. Tom’s {Hardware} examined this software program model of BitLocker final 12 months and located it may sluggish drives by as much as 45 %. We’ve requested Microsoft repeatedly since early Might to touch upon BitLocker system encryption being enabled by default, however the firm has solely confirmed its plans by way of help paperwork the place there is no such thing as a point out of any potential efficiency impacts.
You’ll be able to keep away from computerized system encryption in case you’re utilizing an area account on a clear Home windows 11 model 24H2 set up. Once you first arrange a brand new machine and log in with an area account, you’ll be prompted to register with a Microsoft account to complete encrypting the system. BitLocker can nonetheless be manually enabled utilizing the BitLocker Management Panel on native accounts, although. You can even disable system encryption by way of a toggle within the privateness and safety part of Home windows 11’s settings interface.
