The Windows 11 24H2 update package, to be widely released by the end of the year, will make almost all new installations of the operating system activate BitLocker cryptographic protection by default on the computer.
This isn’t a new feature. BitLocker was introduced in Windows Vista and Windows Server 2008, and has been offered in the successor versions of those operating systems ever since.
This is an important security mechanism. This is because BitLocker encrypts entire data storage units, not just specific folders or files. Therefore, if a laptop is stolen, for example, it becomes more difficult for an attacker to access the data stored there.
BitLocker is most commonly used on servers or corporate computers, which is why the feature is closely associated with Windows Server versions, as well as the Pro or Enterprise editions of Windows 10 and 11.
But with the latest move, Microsoft will allow the mechanism to also be enabled in the Home version of Windows 11, aimed at home users.
How BitLocker activation will work
Microsoft explains that BitLocker encryption will be turned on by default when the user performs a clean install of Windows 11 24H2.
Activation will continue when the user logs into the device with a Microsoft account or a work or school account. A recovery key will also be linked to that account.
To this end, Microsoft eliminated some requirements for activating BitLocker, such as the implementation of HSTI (Hardware Security Test Interface) and Modern Standby technologies (a more modern and supposedly secure sleep mode).
In addition to no longer requiring HSTI and Modern Standby, Windows 11 24H2 will allow encryption to be enabled even if the computer has untrusted devices with direct memory access (DMA), something that was not allowed until now.
Note, however, that nothing changes in Microsoft’s requirements for features such as Trusted Platform Module (TPM) and UEFI Secure Boot for a new installation of Windows 11 to be performed.
The Verge points out that cryptographic volume protection can affect the performance of SSDs, depending on the computer. The outlet claims to have asked Microsoft for comment on the matter, but the company only provided links to documentation, without mentioning any possible impacts on system performance.
BitLocker can be disabled
Fortunately, users who don’t want to rely on the feature can disable encryption in the Privacy and Security area of Windows 11’s settings.
Installing the operating system with local accounts also disables the computer for BitLocker. However, it is increasingly difficult to use Windows 11 without a Microsoft account. Those who have difficulty with this can try installing the system without BitLocker using the Rufus tool, for example.
It is worth noting that BitLocker activation will only be standard on new equipment or equipment that has a Windows 11 24H2 installation done from scratch.
If the machine has a previous operating system installation and is updated to version 24H2, this procedure will not activate protection.
For Windows 10 users, nothing changes. However, this version of the system will no longer be supported by Microsoft in October 2025.