Device Encryption is silently being enabled on all Windows 10 and Windows 11 Home editions that meet the hardware requirements and you’re signed in with a Microsoft account. That’ll be most people who have a Windows 11 PC.
It’s very important that you check whether or not device encryption is enabled on your computer and if it is, then you MUST either disable it or find your recovery key. I’ll show you how to do both.
What Is Device Encryption?
Device Encryption is a security feature that automatically encrypts (scrambles) the data on your hard drive. All your files (documents, pictures videos etc). On many modern computers, this feature enables itself when you sign in with a Microsoft account.
It doesn’t require any interaction from you the user. You won’t see any notifications. It happens in the background and you’d be quite unaware that your hard drive (and all your data) is silently being encrypted.
What Are The Dangers Of Device Encryption?
Once your data has been encrypted it can only be retrieved when your computer boots up (starts up) normally or by entering a recovery key to unlock the drive.
Consider this, all Windows computers will eventually fail to boot. Even that shiny new PC you might be using right now will fail to start properly. It may be tomorrow, next week, next month, next year but it will fail.
When that happens you’ll need your recovery key to unlock your drive and retrieve all your files. Without the recovery key all your data (pictures documents etc) will be gone.
So here’s my question to you, do you have access to your recovery key? Do you know where to find it? Could you access it if your PC wasn’t working?
If you’re answering no to any of those questions then you really do need to continue reading this guide.
How To Enable Or Disable Device Encryption
The first thing to do is to check whether or not Device Encryption is enabled on your computer. That’s easy to do.
Click the Start button and type “device encryption”
- If you only see a link to a web page in the search results then your computer doesn’t have Device Encryption available to it. In that case you’ve nothing to worry about.
- On the other hand if you see Device Encryption Settings (system settings), then most likely your data is being encrypted and you really should investigate further. Click Device Encryption Settings.
Turn It On Or Turn It Off
Click the toggle switch to turn Device Encryption on or off.
If you toggle it off your data will be decrypted.
But if you would prefer to keep it turned on (which is the default) then you must find your recovery key now.
Find Your Recovery Key
When Device Encryption enables itself it’ll automatically create a recovery key and store it in your Microsoft account. To find the recovery key you’ll need to log in to your MS account.
Sign in to your Microsoft account. You might be asked for either your PIN or your password. You might also need to verify yourself using 2FA.
- On the account home screen, scroll down to the Devices section. Click View Details under any of the listed devices.
- Now scroll down the page to BitLocker Data Protection section and click Manage Recovery Keys.
- The recovery key for each of your encrypted devices should be there. It’s the 48 digit number.
Should You Have Device Encryption On?
The answer to that question very much depends on you yourself. If you’re confident that you can retrieve the recovery key then it probably isn’t doing any harm in having it enabled. But remember that you might need the key sometime next year or the one after that. Will you still know how to get to it?
If you’re more like me and will probably lose the recovery key, or maybe lose access to your MS account, then turn Device Encryption off, disable it. The plain and simple truth is that Windows computers do fail. When that happens you don’t want to lose all your data as well.
FAQs
Q: Does encryption protect files against ransomware?
A: No, not at all. Any file or folder that is encrypted can always be encrypted again.
Q:Does this protect me from hackers online?
A: No, once your computer has booted up and you’ve signed in your drive is unlocked. So anyone with remote access will be able to see your files.
Q: I deleted or have lost access to Microsoft Account. Can I still get my recovery key?
A: No. This is why it’s very important that you both know about Device Encryption and you save the recovery key somewhere other than just your online MS account.
Q: I am just updating my BIOS. Do I need to worry about this?
A: Yes definitely. There’s a good chance that a UEFI/BIOS update could be seen by Windows as a “new” motherboard. In that case you’d need your recovery key.
Q: Does it encrypt my external USB drives?
A: No. Windows Home Device Encryption only encrypts your internal system drive (usually C:). To encrypt external drives you’d need to BitLocker To Go which isn’t available on Home editions of Windows.
Summary
On a home computer I think the risk of losing data far exceeds the amount of protection that Device Encryption offers. My advise is simple, disable it.
Related Posts
How To Password Protect And Encrypt A File Or Folder On Your PC.
Use VeraCrypt to encrypt your private files.
How To Use Microsoft BitLocker.
BitLocker can be used to encrypt your entire hard drive but only if you have a Pro edition of Windows.
Enable BitLocker without a TPM
No compatible TPM? No problem. Microsoft have thought of that.
Create An ISO File From An Optical Disc
No CD/DVD drive on your new PC? No problem. Convert old optical discs into ISO files.
An ISO file can be mounted as a virtual drive on modern computers. Easy to do and works every time,
