Windows 10: Avoiding Bitlocker Device Encryption on W10 Home

Page 1 of 2 12 LastLast
  1.    2 Weeks Ago #1

    Avoiding Bitlocker Device Encryption on W10 Home


    I haven't installed Windows 10 Home on my new system yet.

    I do not want to use Device Encryption (not to be confused with Bitlocker Drive Encryption, which isn't available on W10 Home). Not even with a "clear" key.

    My understanding is that Device Encryption requires the following: Secure Boot, TPM, Connected Standby-capable hardware, and a Microsoft account created during installation.

    Is it enough to just avoid one of those (for example, choosing a local account), or should I avoid as many of them as possible?

    Thank you so much for your time. This website is an absolutely amazing resource. I put my specs in my profile.
      My ComputerSystem Spec

  2. Caledon Ken's Avatar
    Posts : 9,836
    Windows 10 Pro x64 Build 1803
       2 Weeks Ago #2

    Hi sonicwind. Welcome to the TenForums @sonicwind

    According to this MS article dated July 2018 this feature is not available in Windows 10 Home.

    https://support.microsoft.com/en-au/...ice-encryption


    Of course in this article from January 2017 it seems to be but in their screen shot there is a Turn Off button.

    https://www.howtogeek.com/234826/how...on-windows-10/
      My ComputerSystem Spec

  3.    2 Weeks Ago #3

    sonicwind said: View Post
    Is it enough to just avoid one of those (for example, choosing a local account), or should I avoid as many of them as possible?
    One is enough - see the screen print in the howtogeek link @Caledon Ken posted above - there it isn't enabled as they used local account.

    It is at the top in the "Device Encription" section not the bitlocker section.
      My ComputerSystem Spec

  4.    2 Weeks Ago #4

    Thanks to both of you for your help.

    I saw that webpage and understood that screen print differently. The button says "Turn off" and it also says "You need a Microsoft account to finish encrypting this device"

    I take that to mean Device Encryption is on, and the Microsoft account is needed to finish what it has started.

    Some of the Microsoft documents talk about the drive being encrypted, but with a "blank" key. It's still encrypted. Signing in apparently "finishes" it by replacing it with a real key.

    I guess I will try a local account with Secure Boot off and hope for the best.

    It looks like I can always decrypt by turning it off. I just don't know how long that would take.

    It would be great if Microsoft documents were consistent between each other.
      My ComputerSystem Spec


  5. Posts : 1,480
    Windows 10 Pro (32-bit) 16299.15
       2 Weeks Ago #5

    Caledon Ken said: View Post
    Hi sonicwind. Welcome to the TenForums @sonicwind

    According to this MS article dated July 2018 this feature is not available in Windows 10 Home.

    https://support.microsoft.com/en-au/...ice-encryption
    I have a tablet running W10 Home which is encrypted with device encryption - I don't know why it says that.

    The "non-Pro" versions of Windows have supported some form of device encryption since Windows 8.1, as long as the hardware meets the (quite stringent) conditions. I think it encrypts when you login with an admin-level MS Account (doesn't have to be the one used at installation). I seem to remember the requirement for an MS Account is so it can save the Recovery Key in that account (which it does silently).

    But you can turn it off within Settings as mentioned.
      My ComputerSystem Spec

  6.    2 Weeks Ago #6

    DavidY said: View Post
    Caledon Ken said: View Post
    According to this MS article dated July 2018 this feature is not available in Windows 10 Home.

    https://support.microsoft.com/en-au/...ice-encryption
    I have a tablet running W10 Home which is encrypted with device encryption - I don't know why it says that.
    That link was about bitlocker - it has nothing to do with device encryption.

    MS has been very vague about how it works but (presumably) under the covers it uses bitlocker which is enabled with default values when the conditions (connected standby being the most unusual) are met.

    While it is possible it encrypts with a blank key (Android does using the key "default_key") I honestly doubt MS would bother to re-invent the wheel when bitlocker already exists. In which case encryption only happens when (the conditions are met) to turn it on.

    It would be easy to test if you fancied it. If "turn off" takes a second it is inserting a default key but keeping the same encryption (like if you change the key). If it takes minutes or hours (like bitlocker does) it is decrypting.
      My ComputerSystem Spec

  7. Caledon Ken's Avatar
    Posts : 9,836
    Windows 10 Pro x64 Build 1803
       2 Weeks Ago #7

    Sorry the first sentence in article says

    Click image for larger version. 

Name:	image.png 
Views:	3 
Size:	11.8 KB 
ID:	203113
      My ComputerSystem Spec

  8. Bree's Avatar
    Posts : 8,627
    10 Home x64 (1803) (10 Pro on 2nd pc)
       2 Weeks Ago #8

    Caledon Ken said: View Post
    Sorry the first sentence in article says

    Click image for larger version. 

Name:	image.png 
Views:	3 
Size:	11.8 KB 
ID:	203113
    Device Encryption is certainly available in Home. If your hardware meets all the strict the requirements...

    I have a reasonably new Dell Inspiron 15 with Windows 10 Home. Bitlocker is not installed on it, but nevertheless there is an option, Settings -> Device Encryption which is set to "on"....
    Answer
    Well, the naming convention doesn't help. It may not be bitlocker, but it still has encryption ability. (Surface RT tablets several years ago had the same ability).

    Encryption is used by default, similar to how iPhones (and now, Android) do it. Basically it is secure from the start. If you don't want security you can turn it off, but otherwise it is always secure right when you take it out of the box...
    https://answers.microsoft.com/en-us/...0-33978a023530
      My ComputersSystem Spec

  9. Caledon Ken's Avatar
    Posts : 9,836
    Windows 10 Pro x64 Build 1803
       2 Weeks Ago #9

    So much for that article from MS.
      My ComputerSystem Spec

  10. Bree's Avatar
    Posts : 8,627
    10 Home x64 (1803) (10 Pro on 2nd pc)
       2 Weeks Ago #10

    Caledon Ken said: View Post
    So much for that article from MS.
    Better then to ask someone who's actually prepared to talk about it, like Dell...

    SUMMARY - Information on why you may see Bitlocker enabled on your new Dell system with Windows 10 Home edition.

    ...You may observe that BitLocker is enabled by default on your system out of the box on systems running Windows 10 Home Edition but this is not actually supported...

    Device encryption is a basic capability on PCs running Windows 10, including those running Windows 10 Home. On these PCs device encryption is automatically enabled when the following requirements are met:

    1. TPM must be enabled
    2. UEFI Secure Boot enabled
    3. System must support connected standby

    Even though the disk is showing BitLocker encryption, to fully enable Device Encryption you must sign in with either a Microsoft or Active Directory account.
    https://www.dell.com/support/article...efault?lang=en
      My ComputersSystem Spec


 
Page 1 of 2 12 LastLast

Related Threads
Accessing Bitlocker Drive Encryption menu in AntiVirus, Firewalls and System Security
Although I'm an Admin on my Win 10 Pro system (Surface Laptop), I can't access the subject menu. Instead, I receive the SysAdmin notice, as in the screenshot. This seems like a new "feature," as I could access it from my previous Win 10 Surface. I...
Solved BitLocker - Used Space Encryption on used Laptop? in AntiVirus, Firewalls and System Security
I tried several times to encrypt the entire disk after reinstalling Windows 10 but it always took for ever (usually 10 hours) to fully encrypt my internal 320GB drive. I managed to run bitlocker successfully by encrypting only used space. My...
Bitlocker Device Encryption enabled after imaging in AntiVirus, Firewalls and System Security
I am trying to create a Windows 10 image for my organization, and cannot figure out one particular issue with Bitlocker. It seems that after I sysprep, and throw the image on a new computer, it then has BitLocker partially enabled. What I mean is...
Cannot resume bitlocker encryption after restart in AntiVirus, Firewalls and System Security
I was trying to encrypt my USB external hard drive (1 TB, mounted to E:) using BitLocker, and after the encryption got 10.1% finished, I accidentally shut down the computer. After restarting, I tried to resume the encryption, but it gives me an...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 04:24.
Find Us