Microsoft Windows 11 24H2 To Turn On BitLocker Encryption BY DEFAULT…. Sort Of
A reader sent me this Windows Latest article on the latest iteration of Windows 11, which is called 24H2. A lot of this was not that interesting. Then I spotted this:
“BitLocker isn’t a new feature, and it’s typically turned on by default in Windows 11 version 23H2 on new flagship products, such as the HP Spectre.
“Currently, it’s not turned on by default for most devices, but this changes with Windows 11 24H2, which turns on encryption automatically during reinstallation.
“During the Windows 11 24H2 fresh/clean installation process, BitLocker encryption is enabled in the background, not just on Windows 11 Pro or higher editions but also on Windows 11 Home if the manufacturer has set a flag in the UEFI.
“This encrypts all drives on the hardware and affects two editions of Windows 11: Home and Pro (Professional).”
On the surface, this doesn’t seem like a smart idea. But let’s dig into this a bit more:
“It does not affect devices upgraded to Windows 11 24H2 using Windows Update.”
That’s good. Microsoft likely didn’t want to anger a bunch of people who woke up one morning and found that BitLocker was turned on. That likely would not go over well. Next is this:
“While automatic encryption starts during setup, it is only fully activated after the user signs in with a Microsoft Account.
“Devices using local accounts won’t have automatic encryption, but users can still manually turn on BitLocker through the Control Panel.”
That’s good as well. But I still have a bit of a problem with this, even though I believe that encryption of devices is a very good idea. The reason I have a bit of a problem with this is that Microsoft appears to be moving people down the road to having BitLocker turned on by default on every device that runs Windows. That’s not a good idea for home users, who would be more likely to lose their BitLocker recovery key, meaning that if the need to recover data from an encrypted drive ever arose, they are screwed if they don’t have a backup. And a lot of home users don’t do backups, so you see where this is going. And some corporate environments want nothing to do with BitLocker, and choose self-encrypting hard drives instead, as they are perceived to offer better levels of encryption. That potentially means more hoops to jump through for those users to get the encryption that they want.
It will be interesting to see how this plays out. While I don’t expect this level of pushback from users, I expect some to question why Microsoft is doing this. And Microsoft may have to answer some questions because of that.
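To see where a given machine stands on the points above (is a drive encrypted, is protection actually active, and does a recovery key exist), the following PowerShell is an added example and is not from the original post or the Windows Latest article. It assumes an elevated prompt and that the built-in BitLocker module (Get-BitLockerVolume) is available on the edition in use; the function name Get-BitLockerAudit and the finding texts are made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: report BitLocker state per volume and flag recovery-key gaps.
# Get-BitLockerAudit is a hypothetical helper name; it only reads state, it changes nothing.

function Get-BitLockerAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # A RecoveryPassword protector is what the user needs if normal unlock fails.
        $recovery = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        $finding = if ($vol.VolumeStatus -eq 'FullyDecrypted') {
            'Not encrypted'
        } elseif ($vol.ProtectionStatus -ne 'On') {
            # Assumption: this is how the "started during setup but not fully
            # activated" state from the article shows up; it also matches a
            # volume whose protection has been suspended.
            'Encrypted on disk, but protection is off (not activated or suspended)'
        } elseif ($recovery.Count -eq 0) {
            'Protected, but no recovery password protector exists'
        } else {
            'Protected; confirm the recovery key is saved somewhere off this device'
        }

        [pscustomobject]@{
            MountPoint           = $vol.MountPoint
            VolumeStatus         = $vol.VolumeStatus
            EncryptedPercent     = $vol.EncryptionPercentage
            ProtectionStatus     = $vol.ProtectionStatus
            ProtectorTypes       = ($vol.KeyProtector.KeyProtectorType -join ', ')
            RecoveryProtectorIds = ($recovery.KeyProtectorId -join ', ')
            Finding              = $finding
        }
    }
}

# The recovery password itself is deliberately not printed, only the protector ID
# that identifies which saved key belongs to which volume.
Get-BitLockerAudit | Format-List
```

The RecoveryProtectorIds value is the identifier to match against wherever the recovery key was saved, so a user can confirm they hold the right key before they need it.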
This entry was posted on August 14, 2024 at 8:49 am and is filed under Commentary with tags Microsoft.