Microsoft Windows 11 24H2 reduces BitLocker eligibility, turns on automatic encryption for more PCs

Microsoft’s help consultant shared particulars with Microsoft Windows Latest on how Microsoft Windows 11 24H2 reduces “requirements” to make use of BitLocker encryption, which implies more PCs at the moment are eligible for automated and guide encryption. This is internally known as Auto_DE, the place the “auto” is automated, and DE most definitely refers to Device Encryption.

Starting with Microsoft Windows 11 model 24H2, the updates removes the necessity for sure {hardware} options that have been beforehand required for automated encryption. For instance, the updates now not requires units to have Hardware Security Test Interface (HSTI) or Modern Standby.

For these unaware, Modern Standby is without doubt one of the flagship options of premium units, which permit units to immediately activate and switch off like a cell device. It was additionally a requirement for Microsoft Windows 11’s device encryption, however that’s now not the case, which implies older {hardware} are additionally eligible for automated or guide encryption.

Additionally, Microsoft Windows 11 24H2 removes the necessity to test for untrusted Direct Memory Access (DMA) interfaces, which implies producers now not want so as to add particular settings within the system registry.

These adjustments mechanically updates the necessities within the Hardware Lab Kit (HLK) exams, so producers don’t have to do something further to fulfill the latest requirements.

Bitlocker is turned on throughout the reinstallation of Microsoft Windows 11 24H2, whether or not you prefer it or not.

BitLocker isn’t a latest characteristic, and it’s usually turned on by default in Microsoft Windows 11 model 23H2 on latest flagship products, such because the HP Spectre.

Currently, it’s not turned on by default for many units, however this adjustments with Microsoft Windows 11 24H2, which activates encryption mechanically throughout reinstallation.

During the Microsoft Windows 11 24H2 contemporary/clear set up course of, BitLocker encryption is enabled within the background, not simply on Microsoft Windows 11 Pro or larger editions but in addition on Microsoft Windows 11 Home if the producer has set a flag within the UEFI.

This encrypts all drives on the {hardware} and impacts two editions of Microsoft Windows 11: Home and Pro (Professional).

It doesn’t have an effect on units upgraded to Microsoft Windows 11 24H2 using Microsoft Windows Update.

For encryption to be enabled mechanically, the device must have a Trusted Platform Module (TPM) and UEFI Secure Boot, that are additionally required by Microsoft Windows 11 as minimal {hardware} necessities.

Previously, units additionally wanted to fulfill Modern Standby or HSTI requirements and guarantee there have been no untrusted DMA interfaces, however these necessities have been dropped within the Microsoft Windows 11 24H2.

While automated encryption begins throughout setup, it’s only absolutely activated after the person indicators in with a Microsoft Account.

Devices using native accounts received’t have automated encryption, however customers can nonetheless manually activate BitLocker by way of the Control Panel.

The good latests is that disabling BitLocker encryption throughout a reinstallation isn’t tough.

The simplest way is to create a bootable ISO by way of Rufus USB, which has the flexibility to disable Microsoft Windows 11 24H2’s drive encryption.

Another methodology is to disable automated encryption proper from the set up wizard. To do that, open the Registry by way of the command immediate (Shift + F10) and alter the BitLocker “PreventDeviceEncryption” key to 1.

Microsoft Windows 11 24H2 is ready to start delivery on Intel and AMD PCs within the second half of the yr, with our sources suggesting a late September or early October window.