Comment on Microsoft is enabling BitLocker device encryption by default on Windows 11
Romkslrqusz@lemm.ee 5 weeks ago
[…] device encryption will be enabled by default when you first sign in or set up a device with a Microsoft account or work / school account.
For devices with a TPM, this has literally been the case since Windows 10 1803 back in 2018.
bandwidthcrisis@lemmy.world 5 weeks ago
But that’s not the case for Windows Home, is it? The FDE setting just takes me to a page to upgrade to Pro. My laptop does have TPM.
Romkslrqusz@lemm.ee 5 weeks ago
It is, Secure boot and the TPM must both be enabled.
If you check Msinfo32 / “System Information” with admin rights, there is a “device encryption” listing that maybhave additional information.
There are rare instances where a device won’t support automatic encryption due to “Un-allowed DMA capable bus/device(s) detected” which requires a registry tweak to work around
bandwidthcrisis@lemmy.world 5 weeks ago
And there it is in msinfo!
Thanks very much. I’ve been using veracrypt for years, it’s good to know that I have another option (especially to simplify things for family members).