Microsoft’s help consultant shared particulars with Home windows Newest on how Home windows 11 24H2 reduces “necessities” to make use of BitLocker encryption, which implies extra PCs are actually eligible for computerized and handbook encryption. That is internally known as Auto_DE, the place the “auto” is computerized, and DE most probably refers to Machine Encryption.
Beginning with Home windows 11 model 24H2, the replace removes the necessity for sure {hardware} options that have been beforehand required for computerized encryption. For instance, the replace not requires units to have {Hardware} Safety Check Interface (HSTI) or Trendy Standby.
For these unaware, Trendy Standby is among the flagship options of premium units, which permit units to immediately activate and switch off like a cell machine. It was additionally a requirement for Home windows 11’s machine encryption, however that’s not the case, which implies older {hardware} are additionally eligible for computerized or handbook encryption.
Moreover, Home windows 11 24H2 removes the necessity to verify for untrusted Direct Reminiscence Entry (DMA) interfaces, which implies producers not want so as to add particular settings within the system registry.
These modifications mechanically replace the necessities within the {Hardware} Lab Equipment (HLK) exams, so producers don’t have to do something additional to fulfill the brand new requirements.
Bitlocker is turned on in the course of the reinstallation of Home windows 11 24H2, whether or not you prefer it or not.
BitLocker isn’t a brand new characteristic, and it’s sometimes turned on by default in Home windows 11 model 23H2 on new flagship merchandise, such because the HP Spectre.
At the moment, it’s not turned on by default for many units, however this modifications with Home windows 11 24H2, which activates encryption mechanically throughout reinstallation.
In the course of the Home windows 11 24H2 recent/clear set up course of, BitLocker encryption is enabled within the background, not simply on Home windows 11 Professional or larger editions but in addition on Home windows 11 Residence if the producer has set a flag within the UEFI.
This encrypts all drives on the {hardware} and impacts two editions of Home windows 11: Residence and Professional (Skilled).
It doesn’t have an effect on units upgraded to Home windows 11 24H2 utilizing Home windows Replace.
For encryption to be enabled mechanically, the machine must have a Trusted Platform Module (TPM) and UEFI Safe Boot, that are additionally required by Home windows 11 as minimal {hardware} necessities.
Beforehand, units additionally wanted to fulfill Trendy Standby or HSTI requirements and guarantee there have been no untrusted DMA interfaces, however these necessities have been dropped within the Home windows 11 24H2.
Whereas computerized encryption begins throughout setup, it is just absolutely activated after the person indicators in with a Microsoft Account.
Gadgets utilizing native accounts received’t have computerized encryption, however customers can nonetheless manually activate BitLocker via the Management Panel.
The excellent news is that disabling BitLocker encryption throughout a reinstallation isn’t troublesome.
The best methodology is to create a bootable ISO via Rufus USB, which has the power to disable Home windows 11 24H2’s drive encryption.
One other methodology is to disable computerized encryption proper from the set up wizard. To do that, open the Registry via the command immediate (Shift + F10) and alter the BitLocker “PreventDeviceEncryption” key to 1.
Windows 11 24H2 is set to begin shipping on Intel and AMD PCs within the second half of the yr, with our sources suggesting a late September or early October window.