Microsoft's Encryption Strategy for Windows 11 24H2
In May, reports emerged indicating that Microsoft was contemplating the implementation of default encryption for Windows 11 24H2 Home PCs. This move could potentially impact performance, even on high-speed NVMe SSDs. However, AMD’s newly launched Ryzen 9000 series processors promise significant enhancements in encryption performance through AES-XTS, which may mitigate some concerns for users with compatible hardware.
One challenge with such an encryption change is that users need to have their BitLocker recovery key available. This highlights one of the advantages of using a Microsoft Account (MSA) over a local account, as the recovery key is more easily accessible through the former.
Recently, a troubling issue surfaced when users reported their PCs booting into a BitLocker recovery screen following last month’s Patch Tuesday updates. As of now, Microsoft is still investigating this matter, leaving many users in a state of uncertainty.
New Guides for BitLocker Recovery
In light of the upcoming changes in 24H2 and the recent boot issue, Microsoft has introduced a series of new guides on its official website focused on BitLocker device encryption. Among these, two guides stand out as particularly beneficial, providing users with clear instructions on how to locate and back up their BitLocker recovery keys.
To retrieve a BitLocker recovery key that is linked to a Microsoft account, users can follow these steps:
- Attached to your Microsoft account
  - From another device, open a web browser and navigate to https://aka.ms/myrecoverykey.
  - Sign in with your Microsoft account and locate the key ID.
  - Utilize the corresponding recovery key to unlock the drive.

  Notes:
  - If the device was set up, or BitLocker was activated, by someone else, the recovery key may be stored in that individual’s Microsoft account.
  - Starting with Windows 11, version 24H2, the BitLocker recovery screen will display a hint of the Microsoft account associated with the recovery key.
- Attached to your work or school account
  - From another device, open a web browser and go to https://aka.ms/aadrecoverykey.
  - Sign in with your work or school account.
  - Select Devices and expand the device for which you need to retrieve the recovery key.
  - Select the option View BitLocker Keys.
  - Using the key ID, find the related recovery key and use it to unlock the drive.
In addition to the methods outlined above, Microsoft encourages users to check for any saved printouts or USB flash drives that may contain their recovery keys.
The importance of backing up the BitLocker recovery key cannot be overstated. Microsoft emphasizes, “It’s important to verify that this backup exists and is accessible, or to create an extra backup of your own.”
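To check which key ID a backup has to match before a recovery screen ever appears, the IDs can be read from the device itself. The script below is an added example, not taken from Microsoft's guides or from the original article; it assumes the built-in BitLocker PowerShell module (Get-BitLockerVolume) is available on the device and that it is run from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: list the ID of every recovery-password protector per volume,
# so each ID can be compared with the key ID shown next to a backed-up key
# (online account, printout or USB file).
# The 48-digit recovery password itself is deliberately never printed.

$report = foreach ($vol in Get-BitLockerVolume) {
    # Keep only the protectors that correspond to a recovery key.
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($recovery.Count -eq 0) {
        # No recovery password on this volume: there is no key to back up or match.
        [pscustomobject]@{
            MountPoint   = $vol.MountPoint
            VolumeStatus = $vol.VolumeStatus
            Protection   = $vol.ProtectionStatus
            RecoveryKeyId = '(none)'
        }
        continue
    }

    foreach ($kp in $recovery) {
        [pscustomobject]@{
            MountPoint   = $vol.MountPoint
            VolumeStatus = $vol.VolumeStatus
            Protection   = $vol.ProtectionStatus
            # KeyProtectorId is a GUID in braces; strip the braces for comparison.
            RecoveryKeyId = $kp.KeyProtectorId.Trim('{}')
        }
    }
}

$report | Format-Table -AutoSize

# Call out volumes that are encrypted (fully or partly) but have no recovery key.
$report |
    Where-Object { $_.RecoveryKeyId -eq '(none)' -and
                   $_.VolumeStatus -ne 'FullyDecrypted' } |
    ForEach-Object {
        Write-Warning "$($_.MountPoint) is encrypted but has no recovery password protector."
    }
```

A backup is only useful if its key ID matches one of the IDs listed for the drive; a volume can carry more than one recovery password, so each listed ID should be accounted for.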
To create a backup of the BitLocker recovery key, users can follow these steps:
- From Start, type BitLocker and select Manage BitLocker from the list of results.
- In the BitLocker app, select Back up your recovery key next to the drive you wish to back up.
- Select your preferred backup method: