Windows 11 Home Device Encryption


very_452001

Member
Local time
4:01 AM
Posts
101
OS
Windows 11
Hi,

I see in Windows Settings > Privacy & Security > Device Encryption is turned on and a yellow warning message above saying "sign in with your Microsoft account to finish encrypting this device"

Questions are if I don't sign into MS account locally on my laptop:

- Is my laptop already encrypted without the need for windows 11 Pro Bitlocker? So if I lose my laptop my data in it is encrypted?
- What encryption is it in win 11 home?
- Where are the decryption keys?
- Can I encrypt usb devices?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Victus 15-fa1006na
Device encryption is a cut down version of Bitlocker and only on Home if pc has TPM and modern standby.

If you lose laptop, encryption does not add much if you have a weak (or worse no) password. It only really helps if drive is removed.

Decryption keys are held in rhe tpm.

I am not sure if you can encrypt usb keys without testing.

Frankly, I turn off device encryption as benefit is minimal.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0

My Computer

System One

  • OS
    Windows 10
Device encryption is a cut down version of Bitlocker and only on Home if pc has TPM and modern standby.

If you lose laptop, encryption does not add much if you have a weak (or worse no) password. It only really helps if drive is removed.

Decryption keys are held in rhe tpm.

I am not sure if you can encrypt usb keys without testing.

Frankly, I turn off device encryption as benefit is minimal.

What is Modern Standby?

Are the Decryption keys held in TPM or online Microsoft account?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Victus 15-fa1006na

Can you clarify whether my laptop is already encrypted or do you mean I need to get my local account on my laptop to be signed into Microsoft online to finish the encryption?
Similar but with fewer control options.
Sorry what do you mean?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Victus 15-fa1006na
Can you clarify whether my laptop is already encrypted or do you mean I need to get my local account on my laptop to be signed into Microsoft online to finish the encryption?
The encryption happens when you sign in to a MS account.
Check the current encryption status
  • Open a new command prompt as Administrator.
  • Type and run the command manage-bde -status to see the status for all drives.
  • Type and run the command manage-bde -status <drive letter>: to see the BitLocker status for a specific drive. Substitute <drive letter> with the actual drive letter of your BitLocker protected drive.
 

My Computer

System One

  • OS
    Windows 10
Can you clarify whether my laptop is already encrypted or do you mean I need to get my local account on my laptop to be signed into Microsoft online to finish the encryption?

Sorry what do you mean?
Scroll down to Device encryption


Can I encrypt usb devices?
Device encryption encrypts only the OS drive and fixed drives, it doesn't encrypt external/USB drives. Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected.
 

My Computer

System One

  • OS
    Windows 10
The encryption happens when you sign in to a MS account.

So to confirm I don't need Windows 11 Pro for Bitlocker and I get free encryption in Win 11 Home just by signing into my MS account?

Okay I ran the command and the results:

BitLocker Version: 2.0
Conversion Status: Used Space Only Encrypted
Percentage Encrypted: 100.0%
Encryption Method: XTS-AES 128
Protection Status: Protection Off
Lock Status: Unlocked
Identification Field: Unknown
Key Protectors: Numerical Password

Does this mean my device is encrypted?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Victus 15-fa1006na
So to confirm I don't need Windows 11 Pro for Bitlocker and I get free encryption in Win 11 Home just by signing into my MS account?
Yes only for the internal drives.

You need Pro only if you wish to encrypt drives other than the internal drives.
 
Last edited:

My Computer

System One

  • OS
    Windows 10
Yes only for the C drive.

You need Pro only if you wish to encrypt drives other than the C drive.
Device encryption encrypts all fixed drives.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0
Yes only for the internal drives.

You need Pro only if you wish to encrypt drives other than the internal drives.

Okay for external usb drives, does it use the same decryption keys used for the internal drive or different keys are generated for each new external drive?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Victus 15-fa1006na
Device encryption encrypts all fixed drives.

Cmd command results:

BitLocker Version: 2.0
Conversion Status: Used Space Only Encrypted
Percentage Encrypted: 100.0%
Encryption Method: XTS-AES 128
Protection Status: Protection Off
Lock Status: Unlocked
Identification Field: Unknown
Key Protectors: Numerical Password

Is my internal drive already encrypted?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Victus 15-fa1006na
md command results:

BitLocker Version: 2.0
Conversion Status: Used Space Only Encrypted
Percentage Encrypted: 100.0%
Encryption Method: XTS-AES 128
Protection Status: Protection Off
Lock Status: Unlocked
Identification Field: Unknown
Key Protectors: Numerical Password

Is my internal drive already encrypted?
It does not look like it.
I have no clients with a local account.
The only I could prove if it was encrypted or not is to pull the NVME put it in an external enclosure and see if it was accessible.
But even if it was, you would not have the key as it is stored in the MS account.
 

My Computer

System One

  • OS
    Windows 10
It does not look like it.
I have no clients with a local account.
The only I could prove if it was encrypted or not is to pull the NVME put it in an external enclosure and see if it was accessible.
But even if it was, you would not have the key as it is stored in the MS account.

Just to confirm protection status On means its encrypted?

Is there any way to encrypt it without signing into a MS account?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Victus 15-fa1006na
Okay for external usb drives, does it use the same decryption keys used for the internal drive or different keys are generated for each new external drive?
It should be the same key for all devices you encrypt using that computer as far as know.
 

My Computer

System One

  • OS
    Windows 10

My Computer

System One

  • OS
    Windows 10

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Victus 15-fa1006na
Is it best to use Bitlocker or Veracrypt for Windows 11 for less compatibility issues and the best SSD drive performance?
I can't answer that. I do not encrypt my drives. Someone else will have to chime in.
 

My Computer

System One

  • OS
    Windows 10
I can't answer that. I do not encrypt my drives. Someone else will have to chime in.

Okay to confirm I need Windows 11 Pro to use Bitlocker without the need to sign into a MS account?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Victus 15-fa1006na

Latest Support Threads

Back
Top Bottom