Microsoft is about to take a significant step in terms of data security. The Windows 11 operating system will be encrypted by default for all new installations and system resets, regardless of whether it is Windows 11 Pro or Home.
content
Looking back a bit, with the release of Windows 11, many users were surprised that they could not install the operating system if the hardware configuration of the computer did not support TPM 2.0. TPM 2.0 functions include encryption key storage and management, cryptographic key generation, data encryption and decryption, authentication, and boot security.
The upcoming Windows 11 24H2 update will automatically enable computer encryption for all new installations and system resets, regardless of whether the user has Windows 11 Pro or Windows 11 Home installed. This change where Windows 11 is encrypted by default is already present in the test and preview versions of Windows 11. Microsoft says this policy is aimed at increasing the adoption of device encryption and by implication, the security of user data.
The new function by which Windows 11 will be encrypted
The new feature relies on BitLocker technology to encrypt system drives and protect data. BitLocker has been around since Windows 10 (1511), but is used by very few users at the moment.
A very important aspect to consider is the need to back up your BitLocker recovery key. Losing this key could result in losing access to your entire PC, with little chance of recovery.
Related: How can you recover Bitlocker password and Bitlocker encrypted partitions
The good news is that the Windows 11 24H2 update will not automatically encrypt your PCs. This change that will make Windows 11 encrypted by default only applies to new installations, still leaving existing PCs as they are. However, there are concerns about how users will manage the recovery key or if they will lose access to their Microsoft account, as both situations could result in losing access to the encrypted PC.
How to disable Windows 11 encryption during installation
This new security feature in Windows 11 24H2 will be a very serious problem for users who want to disable automatic encryption at the time of installing Windows 11. Users will need to make changes in the registries (Windows Registry) during installation to prevent device encryption.
Another method is to use tools like Rufus to create Windows 11 installation media that bypass system requirements and disable BitLocker. This way Windows 11 encryption can be disabled during installation.
However, it is not recommended that users make these changes unless the PC is really too old to handle encryption without suffering a significant performance drop. To protect data and PC integrity against unauthorized access, encryption is a very effective security measure. It can become a major problem for users who forget their data encryption key.
