Microsoft is preparing to make a significant security change with the upcoming major update of the Windows 11 operating system. This update, known as version 24H2, makes device encryption a default feature. This means BitLocker encryption will be automatically enabled when you first set up a new Windows 11 device or sign in with your Microsoft account.
Device encryption is a security measure designed to protect data on users’ devices. BitLocker prevents unauthorized access by encrypting the Windows installation disk. The encryption key is also backed up to users’ Microsoft accounts or Entra ID, so that in case of a problem with the device, users can access this key and recover their data.
In the 24H2 version of Windows 11, Microsoft is lowering the hardware requirements for automatic device encryption. This change will enable more devices to be automatically encrypted. In particular, devices using the Home version of Windows 11 will now be able to benefit from this encryption feature. With the new update, previous requirements such as hardware security testing interface (HSTI) or Modern Standby will no longer be needed for device encryption. Additionally, encryption can be enabled even if insecure DMA (Direct Memory Access) interfaces are detected.
These new encryption settings will come pre-installed specifically on Microsoft’s Copilot Plus series PCs. These devices will be released with the 24H2 version of Windows 11. However, when existing device owners upgrade to this update, device encryption will not be automatically enabled; However, if a clean installation is made, BitLocker encryption will be automatically activated.
Although enabling BitLocker by default improves device security, there are some concerns that this feature may affect SSD performance. Last year, tests conducted by Tom’s Hardware revealed that the performance of some SSDs could slow down by up to 45 percent when BitLocker was enabled. It is known that Microsoft has not made any official statement about these performance drops and only states in its support documents that BitLocker will be enabled by default.
When users want to avoid this automatic encryption, they can disable this feature by logging in with a local account. However, if you want to encrypt the device even when a local account is used, this can be done manually through the BitLocker Control Panel. Additionally, the device encryption feature can be disabled with a button in the privacy and security settings section of Windows 11.
Microsoft is taking important steps to raise security standards with Windows 11. The operating system aims to make devices more secure by enforcing requirements for modern processors, Secure Boot and TPM (Trusted Platform Module) chips. While these requirements were controversial at the time of Windows 11’s launch, Microsoft two years ago aimed to better protect systems from malicious code by enabling the virtualized Memory Integrity feature by default.
As a result, this new BitLocker device encryption feature, introduced by Microsoft with the 24H2 version of Windows 11, stands out as an important step aimed at increasing user security. However, the potential performance impacts of this feature and user feedback will be among the important factors that will affect the overall acceptance of the update.
Source link: https://www.teknoblog.com/windows-11-24h2-bitlocker-sifreleme/
Web sitemizde ziyaretçilerimize daha iyi hizmet sağlayabilmek adına bazı çerezler kullanıyoruz. Web sitemizi kullanmaya devam ederseniz çerezleri kabul etmiş sayılırsınız.
Gizlilik Politikası