Windows 11 24H2 to Feature Default BitLocker Device Encryption for Enhanced Security

Microsoft has made significant strides in enhancing the security of its Windows 11 operating system. Following this trend, the tech giant announced that it will make BitLocker device encryption a default feature in the upcoming 24H2 version of Windows 11. This important update is being rolled out, and is poised to change how users secure their devices, particularly for those who perform clean installations or purchase new hardware equipped with this latest version.

What is BitLocker Device Encryption?

BitLocker is a disk encryption program included with Windows operating systems. It is designed to protect data by providing encryption for entire volumes. With this updated feature, Windows users can rest assured their data is secured against unauthorized access, especially in cases of device theft or loss.

Key Features of BitLocker

  • Full-Disk Encryption: BitLocker encrypts the entire Windows installation drive and any other specified drives.
  • Backup of Recovery Keys: Users’ recovery keys are automatically backed up to their Microsoft accounts or Entra IDs, making it easier to recover data if needed.
  • Ease of Use: With the upcoming changes, BitLocker will automatically be enabled when setting up a device with a Microsoft account, streamlining the security process for users.

Changes in the 24H2 Version

In Windows 11 version 24H2, Microsoft is significantly relaxing the hardware requirements necessary for automatic device encryption. This expansion means that even more devices, including those operating on the Home version of Windows 11, will be able to utilize this feature.

Hardware Requirements

Historically, device encryption required specific hardware capabilities, such as:
  • Hardware Security Test Interface (HSTI)
  • Support for Modern Standby
  • Secure Boot
  • Trusted Platform Module (TPM) chips

However, with the new update, these requirements will be less stringent. For instance, you will no longer need HSTI or Modern Standby, and device encryption will be effectively enabled even if untrusted direct memory access (DMA) buses or interfaces are detected.

Availability of 24H2

Microsoft plans to have the 24H2 update preinstalled on its range of Copilot Plus PCs, with availability for existing devices anticipated later this year, specifically around late September. Therefore, if users opt for a clean install of Windows 11 this fall or purchase a new machine with 24H2, BitLocker device encryption will be enabled by default. Conversely, users upgrading from a previous version to 24H2 will not have device encryption turned on automatically.

Performance Considerations

It's important to note that enabling BitLocker may affect system performance, especially on Solid State Drives (SSDs). Previous tests conducted by Tom’s Hardware indicated that performance could dip by as much as 45% when BitLocker is engaged. Despite inquiries made to Microsoft regarding performance impacts, the company has refrained from providing detailed comments, only confirming its intentions through support documentation.

Local Accounts and Encryption Options

Users who prefer utilizing local accounts can avoid automatic device encryption during a clean installation. However, logging in with a Microsoft account will still be necessary to fully activate device encryption. Should a local account user wish to enable BitLocker, it can still be done manually via the BitLocker Control Panel. Additionally, device encryption can be turned off through a toggle available in the privacy and security section of the Windows 11 settings.

Implications for Windows Users

This move towards default activation of device encryption underscores Microsoft's commitment to bolstering security for Windows users. The implementation of BitLocker reflects a broader trend within tech companies prioritizing data protection and user privacy.
  • Security by Default: By making encryption a default feature, Microsoft helps users protect their sensitive information without additional steps.
  • Accessibility for More Users: With less stringent hardware requirements, a larger user base can benefit from advanced security capabilities.
  • User Experience Improvement: The integration of automated processes in encryption minimizes user engagement, encouraging better compliance with security practices.

Historical Context of BitLocker

Since its introduction in Windows Vista, BitLocker has evolved into a more enhanced and multifaceted solution for device security. The enhancement of automatic device encryption is a direct response to increasing cyber threats and data breaches faced by users. Over the years, the necessity to protect sensitive data has promoted BitLocker’s development and integration into Windows. Microsoft's approach in 2024 marks another pivotal step in this ongoing evolution of security technology within consumer and enterprise ecosystems alike. For many users, especially those working remotely or handling sensitive information, having the confidence that their devices are protected can significantly reduce worries related to data leaks and unauthorized access.

Conclusion

The upcoming changes to BitLocker device encryption in the 24H2 release of Windows 11 not only bolster security but also emphasize Microsoft’s recognition of user needs for automated safety measures. Making encryption a default feature reflects a growing industry standard aimed at improving user security experiences while simplifying the process of safeguarding personal and professional data. As we move into an era where digital threats continue to escalate, the requirement for built-in security features has never been more paramount. For users of Windows 11, this transition will pave the way for a more secure computing experience that aligns with contemporary expectations of privacy and data protection. Realizing that security should be as automated and seamless as possible, Microsoft continues to lead with innovations tailored for the dynamic landscape of technology. For more details on this update, you can view the original article from The Verge here.
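
Because upgraded machines are not encrypted automatically and a local-account install may leave encryption not fully activated, the state of each device is worth checking rather than assuming. The PowerShell audit below is an added example, not part of the original post or of Microsoft's documentation; it assumes an elevated session on a system where the BitLocker PowerShell module is available, and the function name Get-EncryptionAudit is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: report device-encryption state per volume, together with
# the TPM and Secure Boot prerequisites named in the post.

function Get-EncryptionAudit {
    $tpm = Get-Tpm

    # Confirm-SecureBootUEFI throws on systems that do not boot via UEFI.
    try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
    catch { $secureBoot = $false }

    foreach ($vol in Get-BitLockerVolume) {
        # Names of the key protectors attached to this volume (may be empty).
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # Data being encrypted and protection being active are separate
        # properties, so both are checked.
        $state = if ($vol.VolumeStatus -eq 'FullyDecrypted') {
            'NotEncrypted'
        } elseif ($vol.ProtectionStatus -ne 'On') {
            'EncryptedButUnprotected'
        } elseif ($types -notcontains 'RecoveryPassword') {
            'ProtectedNoRecoveryPassword'
        } else {
            'Protected'
        }

        [pscustomobject]@{
            MountPoint    = $vol.MountPoint
            State         = $state
            VolumeStatus  = $vol.VolumeStatus
            Protection    = $vol.ProtectionStatus
            Method        = $vol.EncryptionMethod
            PercentDone   = $vol.EncryptionPercentage
            KeyProtectors = $types -join ', '
            TpmReady      = ($tpm.TpmPresent -and $tpm.TpmReady)
            SecureBoot    = $secureBoot
        }
    }
}

Get-EncryptionAudit | Format-Table -AutoSize
```

A RecoveryPassword protector on the volume does not prove the key was backed up; confirm that separately in the Microsoft account or Entra ID the device is tied to.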