Every other platform—Mac, iOS, Android, Chrome OS, and Linux—offers full disk encryption. But, if your PC doesn’t ship with encryption, you’ll need the Professional version of Windows 10—a $100 upgrade from Windows Home.
Why Disk Encryption Matters
Disk encryption is extremely important, especially for laptops. Even if someone steals your laptop or you misplace it somewhere, people can’t view your private data without permission as long as your disk is encrypted.
This isn’t about stopping the government from spying on you. It’s about protecting any sensitive information you might have on a laptop against thieves and other threats. Regular computer users might have sensitive financial data, business documents, saved passwords, or just private communications and photos on their PCs. Encryption prevents anyone who gets their hands on the laptop from snooping on that data.
Microsoft added a disk encryption feature named “BitLocker” to Windows a long time ago, but if you use the Home edition of Windows, you’re pretty much out of luck. Unless, of course, you’re willing to upgrade to the Professional edition.
Only Windows Professional Includes BitLocker, and It Costs $100
The BitLocker feature has been part of the Professional edition of Windows ever since it was introduced with Windows Vista. Typical PCs you buy come with Windows 10 Home, and Microsoft charges $99.99 to upgrade to Windows 10 Professional.
Microsoft wants to charge more for business features, and that’s fine. Average home users don’t need Hyper-V virtual machines, a remote desktop server, or domain join. However, BitLocker is unusual among the Professional-only features. It’s something that every Windows user would benefit from.
It’s especially silly that BitLocker is a Pro-only feature when Windows 10 even makes Storage Spaces drive pooling available to Home users. Home Windows users can mirror data across several physical disks (an arguably more business-focused feature), but they can’t enable encryption.
Some (But Not All) New PCs Have Device Encryption
A Microsoft spokesperson told us that “Windows 10 offers BitLocker automatic device encryption on all SKUs, including Home, provided their hardware can support this.” This is true—kind of. Microsoft’s documentation is very confusing on the subject. For example, this Microsoft Support page claims Windows 10 Home offers no encryption features.
Here’s what’s going on: Starting with Windows 8.1, Microsoft began offering “Device Encryption”—which has now apparently been renamed to “BitLocker Device Encryption”—on some new PCs. If you have a new Windows 10 PC, your PC may or may not support Device Encryption. It’s up to the manufacturer.
You can check whether device encryption is available on your PC by heading to Settings > System > About and looking for a “Device Encryption” section. If you don’t see anything about Device Encryption, your PC doesn’t support it.
It’s unclear exactly what hardware is required for BitLocker Device Encryption to be enabled on new PCs. We’ve purchased new Windows 10 PCs that didn’t come with Device Encryption enabled, and manufacturers and reviewers never bother saying whether a PC supports Device Encryption. When you buy a new Windows 10 PC, there’s no way of knowing whether it comes with encryption or whether you’ll have to spend $100 on Windows Professional for that feature.
More importantly, all those older PCs that originally ran Windows 7 or 8 don’t have access to Device Encryption at all on Windows 10. This means that the majority of Windows PCs in the wild don’t have access to encryption without paying Microsoft extra.
BitLocker Device Encryption actually works a bit differently than traditional BitLocker. Device Encryption is seamless and only used if you sign in with a Microsoft account or join your PC to a domain, so a user who forgets their password can recover their encryption key. It also can’t encrypt removable disks. But, while it doesn’t have all the powerful options that the regular BitLocker offers, it’s solid disk encryption and we’re not going to nitpick.
All Windows Users Deserve Disk Encryption
Microsoft’s documentation says that “Microsoft expects that most devices in the future will pass the testing requirements” and will therefore support BitLocker Device Encryption. That’s encouraging for the future—but what about now?
The same Microsoft spokesperson told us that “For the rare cases in which a user’s device does not support BitLocker automatic device encryption, they are still able to benefit from the robust automatic, seamless protection that Windows 10 offers inbox including features like Windows Hello, Trusted Boot, and more.”
But it’s not rare—most Windows PCs being used today don’t support BitLocker’s automatic Device Encryption. And Microsoft shouldn’t withhold encryption, a critical security feature, from most Windows users. Windows Hello is nice, but it has nothing to do with disk encryption.
We think Microsoft should update Windows 10 Home to offer a form of BitLocker disk encryption to all Windows users. Yes, it may be a tad slower and a little harder to set up, but Windows users deserve to have the choice to encrypt their data without spending another $100. Microsoft should have done this years ago.