Why is the encryption tool missing from Windows 11?
To understand why some users are missing device encryption, we first need to dig into Hibernate and Modern Standby.
Hibernate mode, when enabled, allows users to quickly wake up their computer. This eliminates the need to boot from scratch. When the computer enters sleep mode, it is locked and encrypted.
To encrypt data in Windows 11 Home, Microsoft uses BitLocker – but not the full version with advanced features, as this is reserved for Windows 11 Pro. This results in longer wake times, so Microsoft added Modern Standby. It keeps certain processes and programs running in the background when the computer is idle. In order to access those processes and programs, Modern Standby needs to decode the data that is automatically encoded in idle mode.
Modern Standby is directly related to the device encryption feature in Windows 11 Home. He needs this access to do his job. What’s the problem?
As it turns out, “Modern Standby” is missing on some Windows 11 Home PCs. When this happens, the Device Encryption option is also missing because the two are linked. Basically, it’s a bug, one that prevents a Windows 11 Home computer from encrypting data when the computer is in Sleep, Hibernate, Locked, Inactive, or Turned Off. It’s still not clear why, but the bug only affects some Windows 11 Home computers?
Note that modern standby is not the same as sleep mode. These are two separate features, although they are related in some way. Hibernate mode puts your computer to sleep, while Modern Hibernate keeps certain processes running to improve wake-up time. Even if modern standby is missing, sleep mode will work perfectly on your computer, it just won’t be able to encode data, and the wake time will be slightly longer.
How to know if there is a ”Virgo Encryption”, that is, the encryption device inside Windows 11?
There are several ways to find out if encryption is working on your computer running Windows 11 Home.
Open “My Computer” and if you see an unlock icon on the C: drive, the drive is encrypted. It could be another drive, but the C: drive is usually where the operating system and important applications and files are stored. Another way is to check your device’s encryption settings.
Open “Windows Settings” and go to “Settings -> Privacy & Security”. If you can’t see device encryption listed as in the screenshot below, it’s missing due to conflicts in Modern Standby.
You need to meet some criteria for encryption to work on Windows 11 Home. Otherwise, you won’t even see an option to enable/disable it. Let’s look at those criteria.
Prerequisites that Windows 11 Home needs to meet for encryption to work
Whether you’re using a Home or Pro license for Windows 11, you’ll need to meet certain requirements to be able to use encryption:
- TPM module 2.0 (“Trusted Platform Module”) with support for modern standby or “Modern Standby”
- TPM must be enabled
- The UEFI (“Unified Extensible Firmware Interface”) utility must be installed
How does device encryption work on Windows 11 Home?
If you have the option to encrypt your device in Windows 11 Home settings, follow these steps to encrypt data on your computer:
- Press Win + I keys to navigate to “Settings->Privacy & Security”. Click on “Encrypt device”.
- Slide the device encryption switch to “On”.
In case you don’t see this option, it means that device encryption is not working on your computer.
Alternative ways to encrypt data on a Windows 11 system
If data encryption itself isn’t available on your Windows 11 Home PC, these options for encrypting your data or even your entire hard drive can help:
- Encrypt and securely store data using OneDrive
OneDrive comes with a unique feature: a personal vault. It is a special directory created by default inside the primary OneDrive directory, which is encrypted by default. You can store all file formats in it. The free version of OneDrive only supports storing up to three fairly limited files, so you’ll need to upgrade. On the other hand, your data is encrypted and stored in the cloud, so even if something happens to your computer, you can access it on another computer. It works on both Android and iOS. We also recommend that you enable 2FA for your Microsoft account.
- Encrypt your Windows PC with VeraCrypt
VeraCrypt is a free and open source encryption program for Windows OS and is available on GitHub. You can also download it from SourceForge. It is based on an older version of TrueCrypt that no longer exists. VeraCrypt is updated from time to time and supports other OS as well, such as Linux and macOS.
Download and install the app like any other Windows app. Once done, launch the application and click on “Encrypt System Partition/Drive” in the “System” tab.
You will be asked to choose between “Normal” and “Hidden”. Normal mode means that VeraCrypt will encrypt the system partition, usually the C drive, and create a password. Each time you want to access the drive, you must enter a password. Hidden creates a new drive with a so-called “decoy” or fake partition. This gives you two drives with two operating systems: one real and one dummy. If someone forces you to enter a password, you can give access to a fake partition. Click “Next” and follow the on-screen instructions according to what you selected in the previous step. If you selected Hidden, you will be prompted to select a location to create the dummy partition. If you have Windows installed on one drive and other data on another, select “Encrypt Windows partition”. If you select “Encrypt entire disk”, other partitions you may have created for better file and directory management will also be encrypted.
You may be asked to choose between single boot and multi boot. Select “single-boot” if you have only Windows OS installed. Select multiboot if you have multiple operating systems installed, such as Ubuntu. You will now see the encryption options. The default AES and SHA-512 options are fine for most users, except those who are more advanced. It is recommended to choose a strong password. Write it down somewhere or remember it. Losing the password can result in the drive being permanently locked.
Here are some additional features that can help you:
- ”Use keyfiles” – adds an extra layer of security by asking you to display some files stored on the pen drive. For example: before accepting a password. If you lose the selected files, you cannot decode the drive/partition.
- ”Display Password – Simply show the password you entered so you know it and can confirm it one last time before moving forward.
- ”Use PIM– Like key files, this also adds a layer of protection. Here you will enter a number that you will need to enter every time you enter your password. A higher value can also help protect against attacks.
It says: RG