Avoiding Bitlocker Device Encryption on W10 Home

Page 1 of 2 12 LastLast

  1. Posts : 23
    Windows 10 Home x64
       #1

    Avoiding Bitlocker Device Encryption on W10 Home


    I haven't installed Windows 10 Home on my new system yet.

    I do not want to use Device Encryption (not to be confused with Bitlocker Drive Encryption, which isn't available on W10 Home). Not even with a "clear" key.

    My understanding is that Device Encryption requires the following: Secure Boot, TPM, Connected Standby-capable hardware, and a Microsoft account created during installation.

    Is it enough to just avoid one of those (for example, choosing a local account), or should I avoid as many of them as possible?

    Thank you so much for your time. This website is an absolutely amazing resource. I put my specs in my profile.
      My Computer


  2. Posts : 30,119
    Windows 11 Pro x64 Version 23H2
       #2

    Hi sonicwind. Welcome to the TenForums @sonicwind

    According to this MS article dated July 2018 this feature is not available in Windows 10 Home.

    https://support.microsoft.com/en-au/...ice-encryption


    Of course in this article from January 2017 it seems to be but in their screen shot there is a Turn Off button.

    https://www.howtogeek.com/234826/how...on-windows-10/
      My Computer


  3. Posts : 5,478
    2004
       #3

    sonicwind said:
    Is it enough to just avoid one of those (for example, choosing a local account), or should I avoid as many of them as possible?
    One is enough - see the screen print in the howtogeek link @Caledon Ken posted above - there it isn't enabled as they used local account.

    It is at the top in the "Device Encription" section not the bitlocker section.
      My Computer


  4. Posts : 23
    Windows 10 Home x64
    Thread Starter
       #4

    Thanks to both of you for your help.

    I saw that webpage and understood that screen print differently. The button says "Turn off" and it also says "You need a Microsoft account to finish encrypting this device"

    I take that to mean Device Encryption is on, and the Microsoft account is needed to finish what it has started.

    Some of the Microsoft documents talk about the drive being encrypted, but with a "blank" key. It's still encrypted. Signing in apparently "finishes" it by replacing it with a real key.

    I guess I will try a local account with Secure Boot off and hope for the best.

    It looks like I can always decrypt by turning it off. I just don't know how long that would take.

    It would be great if Microsoft documents were consistent between each other.
      My Computer


  5. Posts : 1,524
    Windows 10 Pro (32-bit) 16299.15
       #5

    Caledon Ken said:
    Hi sonicwind. Welcome to the TenForums @sonicwind

    According to this MS article dated July 2018 this feature is not available in Windows 10 Home.

    https://support.microsoft.com/en-au/...ice-encryption
    I have a tablet running W10 Home which is encrypted with device encryption - I don't know why it says that.

    The "non-Pro" versions of Windows have supported some form of device encryption since Windows 8.1, as long as the hardware meets the (quite stringent) conditions. I think it encrypts when you login with an admin-level MS Account (doesn't have to be the one used at installation). I seem to remember the requirement for an MS Account is so it can save the Recovery Key in that account (which it does silently).

    But you can turn it off within Settings as mentioned.
      My Computer


  6. Posts : 5,478
    2004
       #6

    DavidY said:
    Caledon Ken said:
    According to this MS article dated July 2018 this feature is not available in Windows 10 Home.

    https://support.microsoft.com/en-au/...ice-encryption
    I have a tablet running W10 Home which is encrypted with device encryption - I don't know why it says that.
    That link was about bitlocker - it has nothing to do with device encryption.

    MS has been very vague about how it works but (presumably) under the covers it uses bitlocker which is enabled with default values when the conditions (connected standby being the most unusual) are met.

    While it is possible it encrypts with a blank key (Android does using the key "default_key") I honestly doubt MS would bother to re-invent the wheel when bitlocker already exists. In which case encryption only happens when (the conditions are met) to turn it on.

    It would be easy to test if you fancied it. If "turn off" takes a second it is inserting a default key but keeping the same encryption (like if you change the key). If it takes minutes or hours (like bitlocker does) it is decrypting.
      My Computer


  7. Posts : 30,119
    Windows 11 Pro x64 Version 23H2
       #7

    Sorry the first sentence in article says

    Avoiding Bitlocker Device Encryption on W10 Home-image.png
      My Computer


  8. Posts : 31,467
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #8

    Caledon Ken said:
    Sorry the first sentence in article says

    Avoiding Bitlocker Device Encryption on W10 Home-image.png
    Device Encryption is certainly available in Home. If your hardware meets all the strict the requirements...

    I have a reasonably new Dell Inspiron 15 with Windows 10 Home. Bitlocker is not installed on it, but nevertheless there is an option, Settings -> Device Encryption which is set to "on"....
    Answer
    Well, the naming convention doesn't help. It may not be bitlocker, but it still has encryption ability. (Surface RT tablets several years ago had the same ability).

    Encryption is used by default, similar to how iPhones (and now, Android) do it. Basically it is secure from the start. If you don't want security you can turn it off, but otherwise it is always secure right when you take it out of the box...
    https://answers.microsoft.com/en-us/...0-33978a023530
      My Computers


  9. Posts : 30,119
    Windows 11 Pro x64 Version 23H2
       #9

    So much for that article from MS.
      My Computer


  10. Posts : 31,467
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #10

    Caledon Ken said:
    So much for that article from MS.
    Better then to ask someone who's actually prepared to talk about it, like Dell...

    SUMMARY - Information on why you may see Bitlocker enabled on your new Dell system with Windows 10 Home edition.

    ...You may observe that BitLocker is enabled by default on your system out of the box on systems running Windows 10 Home Edition but this is not actually supported...

    Device encryption is a basic capability on PC’s running Windows 10, including those running Windows 10 Home. On these PC’s device encryption is automatically enabled when the following requirements are met:

    1. TPM must be enabled
    2. UEFI Secure Boot enabled
    3. System must support connected standby

    Even though the disk is showing BitLocker encryption, to fully enable Device Encryption you must sign in with either a Microsoft or Active Directory account.
    https://www.dell.com/support/article...efault?lang=en
      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 13:26.
Find Us




Windows 10 Forums