Privacy and Security Turn On or Off Device Encryption in Windows 11


  • Staff
BitLocker_OS_banner.png

This tutorial will show you how to turn on or off device encryption on a Windows 11 PC.

Device encryption (aka: BitLocker automatic device encryption) helps protect your data on the OS drive, and it's available on a wide range of Windows devices. If you turn on device encryption, the OS drive on your device can only be accessed by people who've been authorized. If device encryption isn't available on your device, you may be able to turn on standard BitLocker encryption instead.

Device encryption is available and turned on by default on devices (ex: tablet or 2-in1) that support Modern Standby and running any Windows 11 edition. If you want to use standard BitLocker encryption instead, it's only available on supported devices running Windows 11 Pro, Enterprise, or Education. Some devices have both types of encryption.

References:


You must be signed in as an administrator to turn on or off device encryption.

Device encryption uses XTS-AES 128-bit BitLocker encryption method and cipher strength by default in Windows 11. If you would like to use a stronger XTS-AES 256-bit BitLocker encryption method and cipher strength, then you will need to change the BitLocker encryption method and cipher strength before turning on device encryption. If device encryption is already turned on, then you would need to turn off device encryption, change the BitLocker encryption method and cipher strength, and then turn on device encryption.


Device encryption should be suspended or turned off before flashing the system BIOS and when a motherboard or system drive replacement is expected.



Contents



EXAMPLE: Device encryption turned on:

Device_encryption_This_PC.png





Option One

Turn On Device Encryption


1 Open Settings (Win+I).

2 Click/tap on Privacy & security on the left side, and click/tap on Device encryption on the right side. (see screenshot below)

The Device encryption setting will not be available if you are not currently signed in as an administrator.

If you do not have Device encryption available, then your PC doesn't support device encryption. You may be able to turn on standard BitLocker encryption instead.


Open Device encryption settings

Device_encryption-1.png

3 Turn on Device encryption. (see screenshot below)

Device_encryption_on-2.png

4 You will now see Encryption is in progress until finished. (see screenshot below)

This may take a while to finish. Do not turn off your PC until device encryption has successfully finished.


Device_encryption_on-3.png

5 When finished, you can close Settings if you like.

6 It is highly recommended that you now backup the BitLocker recovery key used for Device Encryption. You will need to know this BitLocker recover key if you should ever be prompted for it to gain access to your Windows drive.




Option Two

Turn Off Device Encryption


1 Open Settings (Win+I).

2 Click/tap on Privacy & security on the left side, and click/tap on Device encryption on the right side. (see screenshot below)

The Device encryption setting will not be available if you are not currently signed in as an administrator.

If you do not have Device encryption available, then your PC doesn't support device encryption.


Open Device encryption settings

Device_encryption-1.png

3 Turn off Device encryption. (see screenshot below)

Device_encryption_off-2.png

4 Click/tap on Turn off to confirm. (see screenshot below)

Device_encryption_off-3.png

5 You will now see Decryption is in progress. until finished. (see screenshot below)

This may take a while to finish. Do not turn off your PC until decryption has successfully finished.


Device_encryption_off-4.png

6 When finished, you can close Settings if you like.


That's it,
Shawn Brink


 

Attachments

  • BitLocker_OS.png
    BitLocker_OS.png
    8.9 KB · Views: 235
Last edited:
  • Like
Reactions: CB
Not sure if i am lucky or not but my PC doesn't support device encryption, might just be something else to worry about !!
Chuck
 

My Computer

System One

  • OS
    Windows11 23H2 (OS Build 22631.2428)
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP HP ENVY TE01
    CPU
    2.90 gigahertz Intel Core i7-10700
    Motherboard
    Board: HP 8767 A (SMVB)
    Memory
    16214 Megabytes Usable Installed Memor
    Hard Drives
    1511.52 Gigabytes Usable Hard Drive Capacity
    1418.15 Gigabytes Hard Drive Free Space
    Keyboard
    Logitech wireless
    Mouse
    M 185 wireless
    Internet Speed
    12 ms Jitter 8 ms Download 10.5 Mbps Upload 1.7
    Browser
    Edge & FF
    Antivirus
    Windows Defender
Not sure if i am lucky or not but my PC doesn't support device encryption, might just be something else to worry about !!
Chuck
Hello Chuck, :)

Device Encryption will only be available for devices that support Modern Standby.

If Device Encryption is not available to you, you should still be able to use BitLocker instead unless you have the Home edition installed.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1 14-eu0098nr (2024)
    CPU
    Intel Core Ultra 7 155H 4.8 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Graphics card(s)
    Integrated Intel Arc
    Sound Card
    Poly Studio
    Monitor(s) Displays
    14" 2.8K OLED multitouch
    Screen Resolution
    2880 x 1800
    Hard Drives
    2 TB PCIe NVMe M.2 SSD
    Internet Speed
    Intel Wi-Fi 7 BE200 (2x2) and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender and Malwarebytes Premium
Hey Brink, yes that is what my system has/had installed !!
So guess i am good there, thanks for letting me know !!
Chuck
 

My Computer

System One

  • OS
    Windows11 23H2 (OS Build 22631.2428)
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP HP ENVY TE01
    CPU
    2.90 gigahertz Intel Core i7-10700
    Motherboard
    Board: HP 8767 A (SMVB)
    Memory
    16214 Megabytes Usable Installed Memor
    Hard Drives
    1511.52 Gigabytes Usable Hard Drive Capacity
    1418.15 Gigabytes Hard Drive Free Space
    Keyboard
    Logitech wireless
    Mouse
    M 185 wireless
    Internet Speed
    12 ms Jitter 8 ms Download 10.5 Mbps Upload 1.7
    Browser
    Edge & FF
    Antivirus
    Windows Defender
Hey Brink, yes that is what my system has/had installed !!
So guess i am good there, thanks for letting me know !!
Chuck
:shawn:
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1 14-eu0098nr (2024)
    CPU
    Intel Core Ultra 7 155H 4.8 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Graphics card(s)
    Integrated Intel Arc
    Sound Card
    Poly Studio
    Monitor(s) Displays
    14" 2.8K OLED multitouch
    Screen Resolution
    2880 x 1800
    Hard Drives
    2 TB PCIe NVMe M.2 SSD
    Internet Speed
    Intel Wi-Fi 7 BE200 (2x2) and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender and Malwarebytes Premium
Do you know of any method of upgrading [Repair install procedure] to Windows 11 that prevents Device encryption being enabled?

Denis
 

My Computer

System One

  • OS
    Windows 11 Home x64 Version 23H2 Build 22631.3296
Hi,
Where's the reg file to disable this via group policy and maybe registry ?
 

My Computer

System One

  • OS
    Win-7-10-11Pro's
    Computer type
    PC/Desktop
    Manufacturer/Model
    Acer 17" Nitro 7840sn/ 2x16gb 5600c40/ 4060/ stock 1tb-os/ 4tb sn850x
    CPU
    10900k & 9940x & 5930k
    Motherboard
    z490-Apex & x299-Apex & x99-Sabertooth
    Memory
    Trident-Z Royal 4000c16 2x16gb & Trident-Z 3600c16 4x8gb & 3200c14 4x8gb
    Graphics Card(s)
    Titan Xp & 1080ti FTW3 & evga 980ti gaming
    Sound Card
    Onboard Realtek x3
    Monitor(s) Displays
    1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24"/ 3rd LG 43" series
    Screen Resolution
    1920-1080 not sure what the t.v is besides 43" class scales from 1920-1080 perfectly
    Hard Drives
    2-WD-sn850x 4tb/ 970evo+500gb/ 980 pro 2tb.
    PSU
    1000p2 & 1200p2 & 850p2
    Case
    D450 x2 & 1 Test bench in cherry Entertainment center
    Cooling
    Custom water loops x3 with 2x mora 360mm rads only 980ti gaming air cooled
    Keyboard
    G710+x3
    Mouse
    Redragon x3
    Internet Speed
    xfinity gigabyte
    Browser
    Firefox
    Antivirus
    mbam pro
Hi,
Where's the reg file to disable this via group policy and maybe registry ?

I haven't seen a group policy available for Device Encryption yet.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1 14-eu0098nr (2024)
    CPU
    Intel Core Ultra 7 155H 4.8 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Graphics card(s)
    Integrated Intel Arc
    Sound Card
    Poly Studio
    Monitor(s) Displays
    14" 2.8K OLED multitouch
    Screen Resolution
    2880 x 1800
    Hard Drives
    2 TB PCIe NVMe M.2 SSD
    Internet Speed
    Intel Wi-Fi 7 BE200 (2x2) and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender and Malwarebytes Premium
I haven't seen a group policy available for Device Encryption yet.
Hi,
Sadly I have not either
Has to be a regedit though :/
 

My Computer

System One

  • OS
    Win-7-10-11Pro's
    Computer type
    PC/Desktop
    Manufacturer/Model
    Acer 17" Nitro 7840sn/ 2x16gb 5600c40/ 4060/ stock 1tb-os/ 4tb sn850x
    CPU
    10900k & 9940x & 5930k
    Motherboard
    z490-Apex & x299-Apex & x99-Sabertooth
    Memory
    Trident-Z Royal 4000c16 2x16gb & Trident-Z 3600c16 4x8gb & 3200c14 4x8gb
    Graphics Card(s)
    Titan Xp & 1080ti FTW3 & evga 980ti gaming
    Sound Card
    Onboard Realtek x3
    Monitor(s) Displays
    1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24"/ 3rd LG 43" series
    Screen Resolution
    1920-1080 not sure what the t.v is besides 43" class scales from 1920-1080 perfectly
    Hard Drives
    2-WD-sn850x 4tb/ 970evo+500gb/ 980 pro 2tb.
    PSU
    1000p2 & 1200p2 & 850p2
    Case
    D450 x2 & 1 Test bench in cherry Entertainment center
    Cooling
    Custom water loops x3 with 2x mora 360mm rads only 980ti gaming air cooled
    Keyboard
    G710+x3
    Mouse
    Redragon x3
    Internet Speed
    xfinity gigabyte
    Browser
    Firefox
    Antivirus
    mbam pro
Does garlin's Registry key not help?


All the best,
Denis
 

My Computer

System One

  • OS
    Windows 11 Home x64 Version 23H2 Build 22631.3296
Does garlin's Registry key not help?


All the best,
Denis

Hello Denis, :alien:

I haven't tested it, but it would have to be used before setup to be effective.

Otherwise, you could just set up using a local account to avoid Device Encryption being turned on automatically during Windows Setup.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1 14-eu0098nr (2024)
    CPU
    Intel Core Ultra 7 155H 4.8 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Graphics card(s)
    Integrated Intel Arc
    Sound Card
    Poly Studio
    Monitor(s) Displays
    14" 2.8K OLED multitouch
    Screen Resolution
    2880 x 1800
    Hard Drives
    2 TB PCIe NVMe M.2 SSD
    Internet Speed
    Intel Wi-Fi 7 BE200 (2x2) and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender and Malwarebytes Premium
Otherwise, you could just set up using a local account to avoid Device Encryption being turned on automatically during Windows Setup.
Shawn,

It's the existence of S0 Modern standby that ensures device encryption during OOBE even when there has been no internet connection & a local user account is all that has been created.
I've tried several times this year but have not managed to avoid it. I used Spartan's post #7 method but had to de-crypt every time. I noticed in that thread that at least one other user succeeded.

I just posted the link to garlin's post because ThrashZone referred to not knowing a relevant Registry Key.


All the best,
Denis
 

My Computer

System One

  • OS
    Windows 11 Home x64 Version 23H2 Build 22631.3296
Number 2 is not visible in trhe uppermost window. Only 3 items "Windows Security, "Find my device" and ""For developers" are there. Nr. 3 "Device encryption" is missing. Not grayed out, but completely absent. How come?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    NUC8i7BEH 8e gen. 2.5
    CPU
    Intel i7
    Motherboard
    NUC8i7BEH 8e gen. 2.5
    Memory
    16 Gb
    Graphics Card(s)
    in CPU
    Sound Card
    in CPU
    Monitor(s) Displays
    Philips 271E (2 x)
    Screen Resolution
    1920 x 1080 (2 x)
    Hard Drives
    Samsung 970 Evo NVMe M.2 1TB SSD
    Samsung 850 Evo 1TB SSD
    PSU
    ??
    Case
    small box
    Cooling
    ?
    Keyboard
    Logitech K800
    Mouse
    Logitech M570
    Internet Speed
    400 GB
    Browser
    Firefox
    Antivirus
    F-Secure
Number 2 is not visible in trhe uppermost window. Only 3 items "Windows Security, "Find my device" and ""For developers" are there. Nr. 3 "Device encryption" is missing. Not grayed out, but completely absent. How come?

Probably because your computer is not capable of encryption.
I have one like that.

@pparks1
@bikemanI7
I seem to recall that you also use MiniPCs. Can you advise Mike?



All the best,
Denis
 

My Computer

System One

  • OS
    Windows 11 Home x64 Version 23H2 Build 22631.3296
But originally I could encrypt! After messing around I couldn't encrypt anymore.
Mike.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    NUC8i7BEH 8e gen. 2.5
    CPU
    Intel i7
    Motherboard
    NUC8i7BEH 8e gen. 2.5
    Memory
    16 Gb
    Graphics Card(s)
    in CPU
    Sound Card
    in CPU
    Monitor(s) Displays
    Philips 271E (2 x)
    Screen Resolution
    1920 x 1080 (2 x)
    Hard Drives
    Samsung 970 Evo NVMe M.2 1TB SSD
    Samsung 850 Evo 1TB SSD
    PSU
    ??
    Case
    small box
    Cooling
    ?
    Keyboard
    Logitech K800
    Mouse
    Logitech M570
    Internet Speed
    400 GB
    Browser
    Firefox
    Antivirus
    F-Secure

Latest Support Threads

Back
Top Bottom