Microsoft confirms that Windows 11 24H2 enables device encryption by default – WindowsLatest


Windows Latest previously reported on Microsoft’s plans to introduce a device encryption toggle in the Settings app of version 24H2 on Pro editions. Device encryption will be enabled by default when first setting up a Windows 11 PC with the Pro and Home editions. Additionally, Microsoft will automatically configure device encryption after you reset your PC.

In our testing, Windows Latest previously observed that device encryption is enabled by default. Over the weekend, users also noticed that Microsoft had already enabled it in Windows 11 24H2 RTM preview builds, suggesting the feature will likely arrive this year when the update rolls out to everyone.

When we asked Microsoft, the company confirmed to Windows Latest that it had recently adjusted the prerequisites for enabling device encryption.

“We have adjusted (removing Modern Standby/HSTI validation and checking for untrusted DMA ports) to enable device encryption so that it is automatically enabled during new installations of Windows 11,” Microsoft said in a statement.

As Microsoft explains in its documentation, Device Encryption uses BitLocker to encrypt data and is applied to all system drives. You need to back up your BitLocker key to your Microsoft account or save it to an external USB drive. Without this backup, you cannot access your data.

Windows may ask for the BitLocker recovery key when resetting or reinstalling the operating system. However, obtaining the recovery key may prove difficult if the feature is enabled without user approval. If you lose access to your Microsoft account, you will also lose access to the PC.

BitLocker has a list of hardware requirements, including a TPM 1.2 or newer chip and UEFI. Since Windows 11 checks for these requirements during installation, there is no way to escape BitLocker. There are workarounds, however.

How to disable automatic device encryption in Windows 11

During installation, you can disable device encryption using a registry hack:

  1. Press Shift + F10 to open the Command Prompt window. Type regedit and press Enter to launch Registry Editor.
  2. Access the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker subkey.
  3. Right-click the empty area of the right pane and select New > DWORD (32-bit) Value in the context menu.
  4. Name the value “PreventDeviceEncryption”.
  5. Set the value data to 1 and click the OK button.
  6. Close the Registry Editor.
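
The same registry value written from PowerShell, followed by a check of the system drive's BitLocker state and recovery protector, as an added example that is not from the article or from Microsoft. It assumes an elevated session on an installed system with the BitLocker cmdlets available; the `-Prevent` switch is a hypothetical name.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article). -Prevent is a hypothetical switch name.
param([switch]$Prevent)

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\BitLocker'
$valueName = 'PreventDeviceEncryption'

if ($Prevent) {
    # Equivalent of steps 2-5: DWORD PreventDeviceEncryption = 1.
    if (-not (Test-Path $keyPath)) { New-Item -Path $keyPath -Force | Out-Null }
    New-ItemProperty -Path $keyPath -Name $valueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

# Read the value back; $null means it has never been set.
$current = (Get-ItemProperty -Path $keyPath -Name $valueName `
    -ErrorAction SilentlyContinue).$valueName

# Writing the value does not decrypt a drive that is already encrypted,
# so inspect the actual state of the system drive as well.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$recovery = @($vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

[pscustomobject]@{
    PreventDeviceEncryption   = if ($null -eq $current) { 'not set' } else { $current }
    MountPoint                = $vol.MountPoint
    VolumeStatus              = $vol.VolumeStatus
    ProtectionStatus          = $vol.ProtectionStatus
    EncryptionPercentage      = $vol.EncryptionPercentage
    RecoveryPasswordProtector = ($recovery.Count -gt 0)
}

# The lockout risk described above: encrypted data with no recovery key to back up.
if ($vol.VolumeStatus -ne 'FullyDecrypted' -and $recovery.Count -eq 0) {
    Write-Warning ("{0} is encrypted or encrypting but has no recovery password " +
        "protector. Back up a recovery key before resetting or reinstalling.") -f $vol.MountPoint
}
```

Run without `-Prevent`, the script only reports and changes nothing.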

You can also create a bootable USB drive with Rufus. It can prepare modified Windows 11 installation media to bypass system requirements and disable BitLocker.

Rufus offers a graphical interface, which makes it more accessible to less tech-savvy Windows users.
