Tech Q&A: Why you should turn off Windows 11 automatic data encryption

There always are a few surprises in a new Windows operating system.

Even so, I was quite surprised to find that my newly installed Windows 11 Home was encrypting all the data on my PC, even though I hadn’t told it to do so.

The fact is, I would never tell Windows to encrypt anything, because it’s the equivalent of putting my data in a locked room to which there is only one key. If I couldn’t find the key, I’d lose my data.

Microsoft, however, has decided to automatically encrypt the data on every Windows 11 computer without telling you about it. Locking down your data makes your PC safer, the company says.

Dear Microsoft: I will take my chances. I’m turning off encryption in Windows 11 before it’s too late and I lose my PC’s data. That’s my idea of security.

Here’s why readers should do the same if they get the free Windows 11 upgrade:

Microsoft didn’t give me basic safety information. Encryption scrambles the data on your disk, and that data can only be reassembled if you have the encryption key, a bit of code that functions like a password. So, where is the key? Microsoft didn’t tell me. (Some experts believe the encryption key will be stored in your online Microsoft account.)

You could be in big trouble if your Windows 11 PC stops working. Say your PC fails because of a flawed Windows update, a hard disk drive failure or a burned-out component on the main circuit board. Normally, you could take the nonworking PC to a repair shop and have all your data copied from the hard drive (or SSD, a computer chip substitute for a hard drive.) You could then have that data stored on another computer, or on the old one after it’s repaired.

But, if your data is encrypted and you don’t have the encryption key, you’re out of luck. The repair shop won’t be able to read your data and it will be lost forever.

Wait a minute, you say. Do I really have to turn off encryption, a new Microsoft security feature, to make sure I won’t accidentally lose my data?

You have one other option: Copy all your PC’s data to a flash drive or external hard drive. Data stored on those external devices won’t be automatically encrypted. If your PC then fails and you lack the encryption key, you’ll have the backups.

But, if you’d rather not make backups every day, here’s how to turn off automatic encryption. Go to the Windows 11 Settings (click the gear wheel icon in the tool bar) and click “privacy & security” on the left. On the right, click on “device encryption.” You’ll see that it’s turned on by default; flip the switch to off.

You’ll be warned that doing so will start a task that could take a lot of time. Do it anyway. Windows 11 will decrypt your PC’s data and leave it that way.

Note that this automatic encryption issue will only arise if you are able to upgrade from Windows 10 to 11 during the next few months. It turns out that the upgrade is being limited to PCs that can handle the computations needed for several new security features — and PCs more than three years old might be unable to do that. PCs that don’t qualify to run Windows 11 can continue to use Windows 10 until October 2025, when Microsoft will stop supporting it. After that, you’ll need to buy a new Windows 11 PC.

But, even if your PC is capable of being upgraded to Windows 11, is it a good idea do so? Some experts say you should wait awhile (see tinyurl.com/b6b5dyzt). I’d say go ahead and upgrade. I’ve been able to turn off the encryption feature I didn’t like. And, who knows, maybe Windows 11 will improve PC security.