Windows 8.1 adds automatic disk encryption
October 19, 2013 1 Comment
One thing enabled by default on all Windows 8.1 systems [assuming the hardware can support it], is the automatic usage of Bitlocker encryption on the disk.
All version of Windows 8.1 include it, while BitLocker is a Pro- or Enterprise-tier feature in Windows 8 and an Ultimate- and Enterprise-tier feature in Windows 7 or Vista.
To see if it is enabled, go to PC and devices section and click on PC Info. Towards the bottom of the screen you will see the encryption status of your system.
A user with administrator access will have to log in with a Microsoft account, at which point the device will generate a recovery key and upload it to Microsoft’s servers. This recovery key can then be accessed from another computer with your Microsoft account if you’re ever locked out of your system.
Active Directory user accounts can also be used to store the key, provided your domain administrator has enabled the proper Group Policy settings.
But in order for Windows 8.1 systems to take advantage of the automatic encryption, your system will need all of the following enabled:
- Support for the Secure Boot feature, which implies both UEFI support and 64-bit Windows.
- A Trusted Platform Module (TPM). The feature requires TPM 2.0, and most current devices use TPM 1.2.
- Hardware and firmware support for Windows’ Connected Standby feature. Connected Standby allows a sleeping system to wake up periodically and refresh certain data, like e-mail messages or calendar events. Your smartphone already does the same sort of thing. Note that Connected Standby is similar in concept to Intel’s Smart Connect Technology, but Smart Connect support does not imply Connected Standby support.
- Connected Standby comes with its own set of hardware requirements, including a solid-state boot volume, NDIS 6.30 support for all network interfaces, and memory soldered to the motherboard. The system must also rely on passive cooling when in Connected Standby mode, even if it normally uses a fan.
For the many systems that can’t support the new device encryption features, Windows 8.1 Pro and Enterprise still include the more traditional BitLocker drive encryption feature that has been a part of Windows since Vista.