One of Microsoft’s premises with its operating systems is to offer the maximum possible security to the user. The key measure to achieve this is to offer Windows 10 and Windows 11 at no cost to the user, albeit with a constant watermark and some customization limitations. Well, now it will default to the encryption of the HDD in Windows 11.
Although Microsoft has killed Windows 10 and only talks about the benefits of its new operating system, the data is devastating. Only 30% of users have migrated to the company’s new operating system. And we know that as of October 14, 2025, support for Windows 10 will be permanently discontinued.
Currently, Microsoft continues to distribute security updates, but is no longer working on optimizations and new elements for this version of its operating system. After the announced date, they will not deploy security updates either. It implies that if any vulnerability appears, it will not be fixed and will leave users exposed.
Automatic SSD encryption
Encryption of the main storage drive will be configured automatically the first time we install Windows 11. It will apply not only to the Pro versions of the operating system, but also to the Home versions. This item will also be enforced after you reset your PC.
Note that this device encryption function was already activated by default, although it was now deactivated. Some users have already reported that this function is enabled in the preview version Windows 11 24H2 RTM. Possibly, it will be integrated natively in the next operating system update.
Microsoft has confirmed this information in a statement:
We have adjusted (removal of Modern Standby/HSTI validation and checking for untrusted DMA ports) to enable device encryption to be automatically enabled when performing clean installs of Windows 11.
The encryption feature had been disabled after a serious vulnerability was discovered in BitLocker. You should know that Device Encryption uses BitLocker to encrypt data. It implies that we will have to make a backup copy of the BitLocker encryption key. Don’t just do it on a USB stick, save this key in several places because the drive could be corrupted and you would be in big trouble.
Turn off automatic encryption in Windows 11
That Microsoft wants to force the information on the storage unit to be encrypted is not correct. It should be a function that the user activates at their discretion. For users who are not familiar with the matter, in the future, it could be a big problem. But luckily, you can disable automatic encryption as follows:
- We write “Command Prompt” in the Windows search engine and click to open it
- We must write the command “regedit” and press “Enter” to access the “Registry Editor.”
- Let’s now look for the following subkey: HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Control>BitLocker
- We right click next to it and select the “New” option and then “Dword Value (32 bits)”.
- We name it “PreventDeviceEndryption”
- Now, we must right click on it and in the menu click on “Modify”.
- We have to change the value of the “Value information” and give it value “1”.
Once finished, we click “Accept” and close everything. This involves disabling the encryption feature for the storage drive.