With the upcoming Windows 11 24H2 update, Microsoft will automatically enable device encryption on even more computers. The new update is more inclusive with fewer restrictions for older systems.
Unless you’re upgrading from an older Windows version or using a local account, your machine will be automatically encrypted after you install or reinstall the new version of Windows 11. During the setup, Windows will encrypt every drive on your PC and link the encryption keys to your Microsoft account. The drives will automatically unlock when you log in with the same account. Device encryption keeps your storage safe even if someone manages to insert your drive into a different computer to gain unauthorized access.
The Windows 11 23H2 update, which came out earlier in February this year, also offered the same auto-encryption using BitLocker. But it had some advanced requirements (for example, Hardware Security Test Interface and Modern Standby) that excluded older computers. Plus, it only automatically encrypted devices on a fresh installation of Windows 11 23H2.
With the new update, Microsoft is loosening the restrictions mentioned above. Fresh installations or reinstallations of the new Windows 11 version will automatically enable BitLocker encryption, even on devices that lack Hardware Security Test Interface (HSTI) and Modern Standby. You can disable this automatic device encryption in the Settings app. If you’re simply upgrading to the newer version, BitLocker will have to be manually enabled.
The last update was primarily geared towards Windows 11 Pro, Enterprise, and Education editions. Windows 11 24H2 will also target Windows 11 Home machines that have encryption flags enabled in the UEFI defaults.
Microsoft will start pushing the Windows 11 24H2 update from September. It’s worth mentioning that the Apple T2 security chip support has enabled automatic device encryption on Macs for a few years now. Microsoft has just been playing catch up these past few months.
Source: Microsoft via The Verge