• Romkslrqusz
    link
    fedilink
    English
    163 months ago

    […] device encryption will be enabled by default when you first sign in or set up a device with a Microsoft account or work / school account.

    For devices with a TPM, this has literally been the case since Windows 10 1803 back in 2018.

    • @bandwidthcrisis
      link
      English
      33 months ago

      But that’s not the case for Windows Home, is it? The FDE setting just takes me to a page to upgrade to Pro. My laptop does have TPM.

      • Romkslrqusz
        link
        fedilink
        English
        23 months ago

        It is, Secure boot and the TPM must both be enabled.

        If you check Msinfo32 / “System Information” with admin rights, there is a “device encryption” listing that maybhave additional information.

        There are rare instances where a device won’t support automatic encryption due to “Un-allowed DMA capable bus/device(s) detected” which requires a registry tweak to work around

        • @bandwidthcrisis
          link
          English
          13 months ago

          Un-allowed DMA capable bus/device(s)

          And there it is in msinfo!

          Thanks very much. I’ve been using veracrypt for years, it’s good to know that I have another option (especially to simplify things for family members).