Data Encryption and Windows 11: Everything You Need to Know

BitLocker and Device Encryption are two forms of full disk encryption technology that encrypt all the drives on a PC. However, there are management tools available for BitLocker which allow admins to control which drives are encrypted and backup/recover keys. BitLocker is only available on Windows Pro, Enterprise, and Education, while Device Encryption comes with Windows Home. Interestingly, Device Encryption doesn’t offer the option to exclude secondary drives, but it’s still the same technology. Personal Data Encryption is a different encryption option altogether, as it doesn’t encrypt the whole drive, but only selected files and folders through 256-bit AES-CBC encryption keys protected by Win. Now let’s talk in more detail about data encryption in Windows 11.

Is your PC encrypted?

Modern smartphones come with automatic device encryption that works flawlessly. However, Microsoft’s implementation of this feature on Windows 11 is inconsistent. This is mainly due to the vast range of possible configurations that PCs can have. If you value encryption, which every laptop owner should, it’s essential to check your system’s status. Don’t assume that your security is covered right away.

To ensure your personal data on your PC is secure:

  1. Open the Settings app and choose Privacy & Security from the left-hand menu. Note that on some PCs that don’t support device encryption, this feature won’t appear in the menu. For those that do, it will be the third option from the top.
  2. Simply click on the menu item to view your encryption status, which should be on by default. If it’s not, toggle it to encrypt your PC.

As for your recovery key, Windows 11 Home users and many Windows 11 Pro users can find it saved in their Microsoft account, while Windows 11 Pro users can manually save it in their BitLocker settings via the Control Panel (Control Panel > BitLocker Drive Encryption). Keep this in mind if you log out frequently.

How to encrypt individual files?

Protecting your files is crucial, but did you know you can easily encrypt them in Windows? Here’s how:

1. Select the files in File Explorer

2. Right-click and choose Properties

3. Click the Advanced button in the Attributes section of the General tab

4. Check the ‘Encrypt contents to secure data’ checkbox

It’s that simple! However, note that this method uses the Encrypting File System built into Windows, which has a few drawbacks.

How to encrypt data as it is transmitted over the network?

The encryption methods built into Windows only protect data while it is stored on the device. They are transmitted over the network in the normal state. If someone can intercept the data, they can easily open it and see it. To improve Windows security when browsing the Internet, you need to use VPN for your PC. The technology involves encrypting information before sending it to the server and back to the client. Even if the data is intercepted, it will be almost impossible to decrypt it. To reliably protect your network, you should use VeePN for Windows 11, which uses flagship 256-bit encryption. It cannot be hacked by brute force. The main advantage of a VPN is that all processes take place without your participation, so you do not have to experience discomfort.

What to do if Windows 11 is not encrypted?

Are you unable to encrypt your PC on Windows 11 Home? Don’t worry, we’ll help you troubleshoot. First, let’s understand why your system didn’t enable encryption by default.

  1. Open the System Information app by typing “system information” in the Start Menu, right-clicking on the search result, and choosing “Run as administrator.”
  2. Scroll down to the bottom of the screen and look for “Device Encryption Support.”
  3. Hover over the “Reasons for failed automatic encryption” description to learn more.

To fix device encryption issues, you may need to enable Modern Standby on your computer. This low-power mode lets your device run updates and processes while asleep, and wake up quickly like a smartphone. While many laptops support this feature, a few desktops do. If your PC does support it, but it’s not enabled by default, you can find online resources to help you activate it.

Still, having trouble with encryption? Upgrading to Windows 11 Pro for $99 gives you access to BitLocker, which works even without Modern Standby or a TPM. If you don’t want to spend money, you can opt out of device encryption altogether.


Data encryption is an essential component of modern IT infrastructure, and Windows 11 has several options to choose from. BitLocker is the most powerful option, but it’s available only in Windows Pro or Enterprise versions. Alternatively, you can use Device Encryption for free on Home editions, which will help protect your data while stored on the device. To protect data transmission over the internet you can use a VPN. If you protect your data both during storage and transmission, it will definitely not be stolen or compromised.

Scroll to Top