Tech

Is your Windows 11 PC encrypted? The answer is surprisingly complex

Padlock on a laptop keyboardImage: FLY:D / Unsplash

You would think that Windows 11 PCs are all encrypted. Security is such a big focus for Microsoft’s latest operating system that automatically keeping stored data scrambled unless the computer is unlocked seems sensible. 

In fact, the mechanisms to do exactly that are already in place. Windows 11 Home and Windows 11 Pro both support automatic device encryption, with the Home version a more streamlined experience. You just have to sign into the machine with a Microsoft account, which nearly all people do during setup.

What trips up the process (and makes Windows 11 encryption so complicated) is your hardware. If a PC doesn’t meet the required standards, device encryption doesn’t automatically kick on, even if your laptop or desktop system is brand new. That doesn’t mean your computer can’t be encrypted, but you may have to do some work or pony up more cash to make it happen.

Note about “device encryption” vs “Device Encryption”: In this article, we use “device encryption” (lower case) as a general reference to secured data in both Windows Home and Pro. The official name for the feature in Windows 11 Home is Device Encryption; in Windows 11 Pro it’s called BitLocker Device Encryption.

How to check if your Windows 11 PC is encrypted

Open the Settings app. In the left-hand menu, choose Privacy & Security.

On PCs that don’t support device encryption, you won’t see anything related to the feature in the menu. (Why Microsoft doesn’t show a grayed-out option is anyone’s guess.)

PCWorld

On PCs that support device encryption, it appears as the third option from the top. Click on the menu item. The next screen will show your encryption status. By default, it should be on. If off, click the toggle to encrypt your PC.

PCWorld

Curious where your recovery key is? For Windows 11 Home users (and many Windows 11 Pro users), the key is saved to your Microsoft account. Windows 11 Pro users can also hop into their BitLocker settings via the Control Panel (Control Panel > BitLocker Drive Encryption) to manually save the key—which is a must if you log into your PC with a local account.

My Windows 11 PC is not encrypted. What now?

Presumably, you’re reading this section because you can’t encrypt your PC—that is, Device Encryption settings are invisible to you in Windows 11 Home—and you’d like to. So first, you need a general idea of why your system didn’t automatically enable encryption. Then you can decide to troubleshoot further, spend some money, or call it a wash.

Head to the System Information app. (Open the Start Menu, type “system information,” then right-click on the search result and choose Run as administrator.) When the app opens, scroll down to the bottom of the screen and look for Device Encryption Support. You should see a description that begins with “Reasons for failed automatic encryption.” Hover your cursor over that text to read the full rundown.

PCWorld

Depending on the reasons given, you may be able to fix the problem(s). A common one is a lack of support for Modern Standby—it’s a low-power state that allows a computer to run updates and other processes while asleep, as well as wake up instantly like a smartphone. Most current laptops support this feature, while many desktops don’t. Of those that do, a handful of PCs don’t have modern standby enabled by default, but you should be able to find tips online to help you flip it on.

Device encryption still won’t work after troubleshooting your roadblocks? You can upgrade to Windows 11 Pro. Shelling out $99 opens up access to BitLocker, which will work on systems without Modern Standby or even a TPM.

If you don’t want to spend any money, you can of course choose to go sans device encryption. (We don’t recommend it for security reasons, but it is an option.) You can also instead try a third-party encryption solution like VeraCrypt, which isn’t as seamless but costs nothing.

Why is encryption so complicated in Windows 11?

Given that modern smartphones pull off automatic device encryption seamlessly, Microsoft does surprise with this inconsistent application of the feature. But in fairness to Microsoft, PCs have a wider spread of possible configurations that Windows 11 could be installed on.

Fact of the matter is, if encryption is important to you (and for laptop owners, it should be), be prepared to check on your system’s status. You unfortunately can’t yet assume this area of security is covered out the gate.

Alaina Yee is PCWorld’s resident bargain hunter—when she’s not covering software, PC building, and more, she’s scouring for the best tech deals. Previously her work has appeared in PC Gamer, IGN, Maximum PC, and Official Xbox Magazine. You can find her on Twitter at @morphingball.

Recent stories by Alaina Yee:

Windows includes built-in ransomware protections. Here’s how to turn it onWindows blocks apps from changing your default browserWindows Hello can protect your Chrome passwords. Here’s how

Leave a Response