• Romkslrqusz@lemm.ee
    link
    fedilink
    English
    arrow-up
    20
    arrow-down
    4
    ·
    4 months ago

    […] device encryption will be enabled by default when you first sign in or set up a device with a Microsoft account or work / school account.

    For devices with a TPM, this has literally been the case since Windows 10 1803 back in 2018.

    • bandwidthcrisis@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      But that’s not the case for Windows Home, is it? The FDE setting just takes me to a page to upgrade to Pro. My laptop does have TPM.

      • Romkslrqusz@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 months ago

        It is, Secure boot and the TPM must both be enabled.

        If you check Msinfo32 / “System Information” with admin rights, there is a “device encryption” listing that maybhave additional information.

        There are rare instances where a device won’t support automatic encryption due to “Un-allowed DMA capable bus/device(s) detected” which requires a registry tweak to work around

        • bandwidthcrisis@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          Un-allowed DMA capable bus/device(s)

          And there it is in msinfo!

          Thanks very much. I’ve been using veracrypt for years, it’s good to know that I have another option (especially to simplify things for family members).