BitLocker becomes mandatory for Windows 11 24H2
The upcoming Windows 11 update, also known as 24H2, is set to introduce a significant security enhancement by enabling BitLocker drive encryption for most PCs. This feature will be applied to both fresh installations and reinstalls, but it might pose challenges for some users.
Microsoft previously introduced BitLocker with the Windows 11 23H2 update, making it the default encryption method for new installations on supported systems. With the 24H2 update, this default setting will extend to reinstalls on systems running 24H2 or later. However, specific details are still limited as the final software release hasn’t occurred yet. Some Windows 11 Home machines may be excluded from this requirement.
The new BitLocker default setting relies on the UEFI encryption flag. If a PC manufacturer has activated this flag, BitLocker will be required with the 24H2 update. Additionally, after installing 24H2, many systems will activate this flag, meaning that all future reinstalls will also require BitLocker. However, users building their systems should have control over this flag and can potentially avoid BitLocker encryption.
BitLocker, which was initially introduced with Windows Vista back in 2004, has significantly improved. It now offers encryption for any partition with minimal inconvenience to the user. The primary advantage of BitLocker is enhanced data security, as it protects files from unauthorized access and ensures data integrity during boot-up using Trusted Platform Modules (TPM).
However, the widespread implementation of BitLocker may bring about notable changes for Windows users who are not familiar with encrypted storage. Additionally, enabling encryption by default could impact system performance, particularly for tasks involving large volumes and files. While modern CPUs offer hardware acceleration for AES encryption, the speed difference may still be noticeable depending on the processor and storage device.