How to stop automatic BitLocker Device Encryption during install on Windows 11

Microsoft will start enforcing encryption during installation with Windows 11, but you can keep the security feature disabled with these workarounds.

Windows 11 24H2 Device Encryption
Windows 11 24H2 Device Encryption / Image: Mauro Huculak
  • Windows 11 now enables Device Encryption automatically during installation, starting with version 24H2.
  • You can prevent the setup from turning on encryption by creating a custom USB bootable media with Rufus or modifying the Registry during installation.
  • Alternatively, you can turn off the Device Encryption feature on Pro and Home editions from the Settings app after installation.

UPDATED 8/15/2024: Starting with the release of Windows 11 24H2, Microsoft plans to enable encryption automatically during the operating system installation for both the Pro and Home editions using the “Device Encryption” feature. However, if you prefer not to use this security feature, you have a few workarounds to install the operating system without encryption or turn off the feature after the setup.

What is Device Encryption?

Device Encryption is a security feature designed to protect your files by encrypting the entire system drive. This ensures your data remains secure and inaccessible to unauthorized users, even if the device is lost or stolen.

On Windows 11, the feature uses the Advanced Encryption Standard (AES) to encrypt documents, pictures, and any kind of data you may have on the computer. It converts data into a format that cannot be read without the correct decryption key, helping protect data from unauthorized access.

In the past, computers were required to meet either Modern Standby or Hardware Security Test Interface (HSTI) security requirements, but starting with version 24H2 (2024 Update), the company is making changes to relax the requirements to enable encryption on more devices. Also, the latest version of the operating system doesn’t check untrusted Direct Memory Access (DMA) interfaces.

What’s the difference between BitLocker and Device Encryption?

BitLocker and Device Encryption are both security features to provide drive encryption. The difference is that BitLocker is a full-featured encryption tool that is only available on Windows 11 Pro, Enterprise, and Education.

On the other hand, Device Encryption is a simplified version of BitLocker that is available on Windows 11 Home and newer devices running Windows 11 Pro or higher editions. It provides basic encryption features aimed at consumer devices. Also, this feature only encrypts the installation and secondary drives. It does not encrypt external storage connected to the device.

Why turn off Device Encryption?

Although encryption is always a wise idea, there are still valid reasons to disable this feature. Sure, with modern hardware, encryption no longer has the same performance impact, but it can still be a concern for devices with older hardware and on gaming computers.

Another reason I can point out is compatibility since some applications or peripherals may not work as expected with an encrypted drive. Also, if you have a dual-boot system, you may encounter issues if you try running Windows alongside Linux on the same computer.

In addition, if you frequently move drives between systems or need to use data recovery tools that do not support encrypted drives, having encryption disabled can simplify these processes. Also, while encryption keys are designed to secure data, losing access to these keys can result in permanent data loss.

In this guide, I will explain several ways to prevent the Windows 11 setup from encrypting your device and the steps to turn off encryption after installation.

Disable Device Encryption using Rufus

To use Rufus to create a bootable media of Windows 11 that disables encryption, connect a USB flash drive with 8GB of space, and then use these steps:

  1. Open Rufus website.

  2. Click the link to download the latest version under the “Download” section.

  3. Double-click the executable to launch the tool.

  4. Click the Settings button (third button from the left) at the bottom of the page.

  5. Use the “Check for updates” drop-down menu and select the Daily option under the “Settings” section.

  6. Click the Close button.

  7. Click the Close button again.

  8. Open Rufus again.

  9. (Optional) Under the “Device” section, use the drop-down menu and select the USB flash drive to create the installation media.

  10. Use the drop-down menu and select the “Disk or ISO image” option under the “Boot selection” section.

  11. Click the down-arrow button (on the right side) and select the Download option.

    Rufus Windows 11 ISO download option

  12. Click the Download button.

  13. Select the Windows 11 option.

  14. Click the Continue button.

  15. Select the release of Windows 11 to download.

    Rufus Windows 11 ISO download

  16. Click the Continue button.

  17. Select the Windows 11 Home/Pro/Edu option.

  18. Click the Continue button.

  19. Select the language of Windows 11.

  20. Click the Continue button.

  21. Select the x64 architecture option.

  22. Click the Download button.

  23. Select the location to save the ISO file automatically.

  24. Choose the “Standard Windows 11 Installation” option under the “Image option” setting.

  25. (Optional) Continue with the default settings after the download.

  26. (Optional) Specify a name for the drive under the “Volume label” setting.

  27. Click the Start button.

  28. Clear all the options (as necessary).

  29. Check the “Disable BitLocker automatic drive encryption” option.

    Disable BitLocker automatic drive encryption

  30. Click the OK button.

Once you complete the steps, you can use the bootable media to perform a clean install of Windows 11 without automatic device encryption.

Disable Device Encryption during setup

To disable encryption during the Windows 11 24H2 installation, use these steps:

  1. Start the PC with the Windows 11 24H2 USB flash drive.

  2. Press any key to continue.

  3. Choose the installation language and format.

    Windows 11 24H2 setup language option

  4. Click the Next button.

  5. Choose the keyboard and input method.

    Windows 11 setup keyboard option

  6. Click the Next button.

  7. Select the “Install Windows 11” option.

    Install Windows 11 24H2 option

  8. Check the “I agree everything” option to confirm this process will delete everything on the computer.

  9. Click the “I don’t have a product key” option.

    I don't have a product key

    Quick note: The device will activate automatically if this is a reinstallation. If this is a new computer, you must provide a product key.
  10. Select the edition of “Windows 11” your license key activates (if applicable).

    Choose edition of Windows option

  11. Click the Next button.

  12. Click the Accept button

  13. Select each partition on the hard drive where you want to install the operating system and click the Delete button. (Usually, “Drive 0” is the drive that contains all the installation files.)

    Windows 11 24H2 partition setup

  14. Select the hard drive (Drive 0 Unallocated Space) to install Windows 11.

    Clean install Windows 11 24H2 on unallocated space

  15. Click the Next button.

  16. Click the Install button.

    Windows 11 24H2 clean install

  17. After the installation, use the “Shift + F10” keyboard shortcut to access the first page of the out-of-the-box experience (OOBE).

  18. Type the regedit command and press Enter to open the Registry.

  19. Browse to the following path in the Registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker
  20. Right-click the BitLocker key, choose New, and click the “DWORD (32-bit) Value” option.

    BitLocker create Registry key

  21. Confirm the PreventDeviceEncryption name for the DWORD value and press Enter.

  22. Right-click the newly created key and choose the Modify option.

  23. Change the value from 0 to 1.

    Registry enable PreventDeviceEncryption

  24. Click the OK button.

  25. Click the Close (X) button in the Registry app.

  26. Click the Close (X) button in the Command Prompt app.

  27. Continue with the on-screen directions to finish the version 24H2 setup.

After you complete the steps, the installation of Windows 11 will not be encrypted with BitLocker.

Disable Device Encryption after installation

To disable Device Encryption after the Windows 11 installation, use these steps:

  1. Open Settings.

  2. Click on Privacy & security.

  3. Click the Device Encryption page.

  4. Turn off the “Device Encryption” toggle switch.

    Windows 11 Pro and Home disable Device Encryption

  5. Click the Turn off button.

Once you complete the steps, Windows 11 will disable encryption on your computer.

In the case that you want to use your computer with encryption, it’s recommended to back up the BitLocker recovery key as if the unexpected happens, you will have a way to recover.

It’s important to note that many computer manufacturers have been encrypting devices by default for a long time, and the ability to use encryption during installation isn’t new to Windows 11. However, starting with version 24H2, Microsoft will try to enforce the feature more, even when you reset your computer. However, the security feature won’t turn on automatically when upgrading from an older version to 24H2.

Are you turning off encryption on your computer? Or do you have any questions? Let me know in the comments below.

Update August 15, 2024: This guide has been updated to ensure accuracy and reflect changes to the process.

About the author

Mauro Huculak is a Windows How-To Expert who started Pureinfotech in 2010 as an independent online publication. He has also been a Windows Central contributor for nearly a decade. Mauro has over 15 years of experience writing comprehensive guides and creating professional videos about Windows and software, including Android and Linux. Before becoming a technology writer, he was an IT administrator for seven years. In total, Mauro has over 21 years of combined experience in technology. Throughout his career, he achieved different professional certifications from Microsoft (MSCA), Cisco (CCNP), VMware (VCP), and CompTIA (A+ and Network+), and he has been recognized as a Microsoft MVP for many years. You can follow him on X (Twitter), YouTube, LinkedIn and About.me. Email him at [email protected].