Microsoft may be rolling out a new feature as part of the latest Windows 11 update that will boost security but slow down SSD performance. We’re talking about BitLocker, of course, a device encryption feature that will be turned on by default as part of the upcoming 24H2 update.
In the past, BitLocker encryption was available only on Windows Pro editions, but the new update lowers the eligibility criteria, extending encryption capabilities to a broader range of devices.
In theory, this sounds great. Who wouldn’t want some additional security for their data? Well, a key concern with having BitLocker on by default is its potential impact on SSD performance. Tom’s Hardware tested BitLocker on various SSDs last year and found that it can significantly affect performance. The tests showed that when BitLocker encryption is enabled, sequential read speeds could drop by up to 45% and write speeds by up to 40%. Random read and write speeds were also affected, though to a lesser extent.
The performance hit varied depending on the drive and workload, but overall, the results highlighted a noticeable slowdown, especially for tasks involving large data transfers.
Because BitLocker will be turned on by default, that could mean that plenty of people will install the update without realizing they’re taking a hit in SSD performance. As pointed out by The Verge, however, Microsoft has only confirmed its plans to enable BitLocker by default through support documents, which do not mention any potential performance drawbacks.
This could either mean that Microsoft has found a way to eliminate potential performance issues or doesn’t deem this problem to be big enough. As BitLocker becomes a default feature, users with SSDs, particularly those with older or slower models, should be aware of possible performance hits.
It’s also worth noting that BitLocker will only be on by default for new PCs, such as the currently available Copilot+ PCs, or if you perform a clean install of Windows. Upgrading an existing Windows 11 system to 24H2 will not enable this feature automatically. Similarly, if you are using a local account instead of logging in to a Microsoft account, automatic encryption will not be enabled by default and can be manually activated via the BitLocker option under Settings or Control Panel.
There are upsides to having it on by default, of course. By enabling encryption by default, you’ll benefit from enhanced security without needing to manually activate or configure the settings. This initiative is expected to have a significant impact, particularly for non-techy folk who might not otherwise enable such features.
There are a couple of other security changes rolling out with the upcoming Windows 11 update, too. Firstly, the update is expected to simplify encryption by removing the need for certain hardware features that were previously necessary. Notably, devices no longer need Hardware Security Test Interface (HSTI) or Modern Standby to enable automatic encryption. The update also eliminates the need to check for untrusted Direct Memory Access (DMA) interfaces, streamlining compliance with Hardware Lab Kit (HLK) standards for manufacturers.