Microsoft Confirms Windows 11 24H2 Will Enable Full-Disk Encryption by Default, But Upgrades from Older Versions Won't
Earlier, we reported that the Windows 11 24H2 RTM preview version has enabled BitLocker encryption by default, which means that if users install Windows 11 24H2 from scratch, their disks will be encrypted automatically.
Although some OEMs have enabled full-disk encryption by default since Windows 10, this was not a default option from Microsoft, nor was it a requirement for OEMs.
However, starting from Windows 11 24H2, both Home and Pro editions will enable full-disk encryption, and Microsoft has confirmed that they have made adjustments to enable device encryption.
Microsoft stated:
"We've made some adjustments (removing modern standby/HSTI validation and untrusted DMA port checks) to enable device encryption, which will automatically start when installing Windows 11. (This statement is consistent with what Microsoft said in their blog post in 2023.)"
Here's how full-disk encryption works:
When users install Windows 11 24H2 or later (or purchase a PC with Windows 11 24H2 or later pre-installed), Windows 11 will enable BitLocker full-disk encryption for the system disk.
There will be no prompts during the OOBE installation stage. After installation, when users log in to their Microsoft account, the BitLocker recovery key will be saved to the account center. If users need to recover data, they will use the recovery key.
In daily use, users may not notice that their disk has been encrypted. This differs from manually encrypting a drive with BitLocker, which requires setting an unlock password or choosing automatic unlocking; Windows 11's default full-disk encryption is automatic and does not require users to set or enter any password.
Potential Impact:
If users log in with a local account, there is a risk of data loss, as the recovery key cannot be saved to the Microsoft account center. If users are not aware of this, they may lose data when the system crashes and needs to be reinstalled.
This is also why users have been complaining about data loss due to device encryption since Windows 10. Users should regularly back up their important data.
If users are opposed to full-disk encryption, they can consider disabling BitLocker encryption by modifying the registry during the OOBE stage, which will allow them to continue using a local account without issues.
Additionally, on supported devices, users can turn off encryption after installation by going to Settings > Privacy & security > Device encryption.
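Because the encryption described above starts without any prompt, it is worth checking the state of the system drive and which recovery protectors exist on it. The following PowerShell is an added example, not code from Microsoft or from the original article; the function name and the wording of its findings are this example's own, and it assumes an elevated session on an edition that ships the BitLocker cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example: report the encryption state of the OS volume and whether a
# recovery password protector exists, without printing the recovery key itself.
# Get-BitLockerVolume is part of the built-in BitLocker module; the function
# name and the 'Finding' text are hypothetical and chosen for this example.

function Get-OsVolumeEncryptionAudit {
    [CmdletBinding()]
    param(
        # Defaults to the drive Windows is installed on (normally C:).
        [string]$MountPoint = $env:SystemDrive
    )

    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # A RecoveryPassword protector holds the 48-digit key asked for at recovery.
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    $encrypted = $vol.VolumeStatus -ne 'FullyDecrypted'

    $finding = if (-not $encrypted) {
        'Volume is not encrypted.'
    } elseif ($recovery.Count -eq 0) {
        'Encrypted, but no recovery password protector exists on the volume.'
    } elseif ($vol.ProtectionStatus -ne 'On') {
        'Encrypted, but protection is not reported as On.'
    } else {
        'Encrypted and protected; confirm the recovery key is stored off this PC.'
    }

    [pscustomobject]@{
        MountPoint           = $vol.MountPoint
        VolumeStatus         = $vol.VolumeStatus
        ProtectionStatus     = $vol.ProtectionStatus
        EncryptionPercentage = $vol.EncryptionPercentage
        ProtectorTypes       = ($vol.KeyProtector.KeyProtectorType -join ', ')
        # IDs only: enough to match against a saved copy of the key.
        RecoveryProtectorIds = $recovery.KeyProtectorId
        Finding              = $finding
    }
}

Get-OsVolumeEncryptionAudit | Format-List
```

The protector ID in the output can be compared with the key ID shown next to a saved recovery key, which confirms that the stored copy belongs to this drive.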