none
BitLocker Device Encryption vs. Device Encryption RRS feed

  • Question

  • Hello,
    Microsoft states in the official comparison table (https://www.microsoft.com/en-us/windows/compare-windows-10-home-vs-pro), that there is a feature available on Windows 10 Home and Windows 10 Pro called "Device Encryption". In addition to that Windows 10 Pro should contain a feature called "BitLocker Device Encryption". If I understand this correct then Microsoft provides two different features for encrypting a Windows 10 device, but the full BitLocker Device encryption is only available for the Windows 10 Pro Version.

    If I take a look at another Microsoft Documentation (https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) Microsoft state that "With Windows 10, Microsoft offers BitLocker Device Encryption support on a much broader range of devices, including those that are Modern Standby, and devices that run Windows 10 Home edition.". From this statement it seems like the BitLocker Device Encryption is available for the Home Version.

    For me it looks like the naming of the two features are not consistent. Could someone please tell me, what the two encryption features are called and what the requirements are?

    Regards
    Felix Reichmann

     
    Monday, September 2, 2019 11:34 AM

Answers

  • It is not consistent, correct.

    On home, You will need a Microsoft account to use device encryption, since MS does not want home users to enable bitlocker, since they fear that home users don't know what they are doing encrypting their device and will ultimately lose access to it. So why logon with a Microsoft account? Because a Microsoft account is associated to OneDrive and the recovery key of "device encryption" will be saved to this cloud storage automatically, so that it's safely stored.

    Technically, device encryption is the same as bitlocker, with the limitation that you have no options to configure and no way to require preboot-authentication, but rely on the TPM chip alone.



    Monday, September 2, 2019 12:11 PM
  • Hi Felix,

    Despite device encryption use the same technology as BitLocker, but they aren’t consistent.

    When you run windows Home edition, Device encryption is the only choice, when you use Pro and higher editions, BitLocker can be enabled, which provides more management and features.

    @ Ronald, Microsoft now has been called BitLocker as BitLocker Device Encryption on their doc… but we don’t call it this.

    Overview of BitLocker Device Encryption in Windows 10

    https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10

    Felix, you could simply call them BitLocker and Device Encryption.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by FelixReichmann Sunday, September 8, 2019 8:36 PM
    Tuesday, September 3, 2019 2:31 AM
    Moderator

All replies

  • It is not consistent, correct.

    On home, You will need a Microsoft account to use device encryption, since MS does not want home users to enable bitlocker, since they fear that home users don't know what they are doing encrypting their device and will ultimately lose access to it. So why logon with a Microsoft account? Because a Microsoft account is associated to OneDrive and the recovery key of "device encryption" will be saved to this cloud storage automatically, so that it's safely stored.

    Technically, device encryption is the same as bitlocker, with the limitation that you have no options to configure and no way to require preboot-authentication, but rely on the TPM chip alone.



    Monday, September 2, 2019 12:11 PM
  • Hi Ronald Schilf,
    Thanks for the fast reply. That was exactly what I found out so far. Since I am writing a research work about disk encryption programs I would like to reference the two features by name. Do you have any recommendations for me, how to call them in my work?

    Regards
    Felix Reichmann

    Monday, September 2, 2019 12:33 PM
  • Call them Bitlocker and Device Encryption.

    Bitlocker was never called "Bitlocker device encryption", but "bitlocker drive encryption".

    Monday, September 2, 2019 12:44 PM
  • Hi Felix,

    Despite device encryption use the same technology as BitLocker, but they aren’t consistent.

    When you run windows Home edition, Device encryption is the only choice, when you use Pro and higher editions, BitLocker can be enabled, which provides more management and features.

    @ Ronald, Microsoft now has been called BitLocker as BitLocker Device Encryption on their doc… but we don’t call it this.

    Overview of BitLocker Device Encryption in Windows 10

    https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10

    Felix, you could simply call them BitLocker and Device Encryption.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by FelixReichmann Sunday, September 8, 2019 8:36 PM
    Tuesday, September 3, 2019 2:31 AM
    Moderator
  • Hi Teemo,
    Thanks for your reply. I will do this the way you and Ronald recommended it. This is fine for me.
    To give microsoft some feedback about this ambiguity I added the link to this question to the feedback section on the documentation page. Someone else gave already the same feedback with twelve reactions until now. Unfortunately, there has been no clear or corrective feedback from Microsoft on the users feedback so far.

    Regards
    Felix

    Sunday, September 8, 2019 8:46 PM