Microsoft's upcoming Windows 11 update, version 24H2, is set to introduce a major security enhancement: BitLocker device encryption will be enabled by default on clean installations. This change marks a significant step in Microsoft's ongoing efforts to bolster the security of its operating system.
What's New?
With the 24H2 update, expected to roll out in late September, users performing a clean install of Windows 11 will find BitLocker encryption automatically activated upon first sign-in with a Microsoft account or work/school account. This feature will also be pre-enabled on new PCs shipped with the 24H2 version.
Expanded Compatibility
Microsoft has broadened the scope of devices that can benefit from this security feature. The new update removes previous hardware requirements such as Hardware Security Test Interface (HSTI) and Modern Standby. This change allows BitLocker encryption to be available on a wider range of devices, including those running Windows 11 Home edition.
Performance Considerations
While enhanced security is the primary goal, users should be aware of potential performance impacts. Tests conducted by Tom's Hardware suggest that this software version of BitLocker could slow drive speeds by up to 45% on some devices. Microsoft has not officially addressed these performance concerns.
User Options
For those preferring not to use BitLocker encryption, options are available:
- Using a local account during installation will prevent automatic encryption.
- Users can disable device encryption through the Windows 11 settings interface.
- BitLocker can still be manually enabled later if desired.
It's worth noting that users upgrading to 24H2 from a previous version will not have BitLocker automatically enabled.
This update represents Microsoft's commitment to improving Windows security, building upon previous enhancements like requiring modern processors, Secure Boot, and TPM chips in Windows 11 systems.
As the release date approaches, users planning clean installations or new PC purchases should be aware of this new default setting and consider their encryption preferences.