Microsoft’s BitLocker software encryption of for SSDs, which is activated by default in Windows 11 Pro, causes a massive reduction in the performance of storage drives. TomsHardware conducted extensive tests of the feature and discovered that the speed of SSDs can be reduced by up to 45 percent, depending on the application.
That’s because with software-based BitLocker encryption, the processor is constantly busy encrypting and decrypting the data on the SSD during all write and read processes, which has an impact on the performance of the system.
Windows 11’s developers are to blame for the problem, because actually many SSDs now support hardware-based encryption, in which all decryption and encryption processes are handled directly by the SSDs. Windows 11 Pro nevertheless activates BitLocker’s software-based encryption during installation without giving the user the possibility to prevent it.
Microsoft probably decided to do this because it does not have full control over the code for hardware-based encryption, as that’s managed by the SSD manufacturers. A few years ago, there were incidents where vulnerabilities were discovered in hardware encryption code that had to be fixed by the manufacturers. So Microsoft seems to prefer to rely on its own solution here.
Windows 11 Home is not affected because it does not support BitLocker encryption.
To find out if your SSDs are affected by the problem, open the Windows 11 Pro command line with admin rights and enter the command
This will start the “BitLocker Drive Encryption: Configuration Tool,” which analyses all the drives in your computer.
Under “Conversion Status,” you can find out whether the data on the SSD is encrypted. Under “Encryption Method,” Windows 11 Pro shows whether software encryption (“XTS-AES”) or hardware encryption (“Hardware Encryption”) is used.
If “XTS-AES” is displayed here, BitLocker software encryption is used. If “Fully decrypted” is displayed under Conversion status, BitLocker is switched off on the computer.
How to solve SSD slowdowns under Windows 11 Pro
TomsHardware’s tests show that users who use applications that put a lot of strain on the SSDs can expect a noticeable drop in SSD performance. Microsoft could provide a general remedy with a patch for Windows 11 Pro. It is not known whether such a patch is already in development.
If that bothers you, first ask yourself whether you needs BitLocker encryption for your full drive to begin with. This feature is especially useful for users who own a notebook provided by a company, are often on the road, and generally have higher odds that your laptop (and its sensitive data) could be stolen.
In such a case, the thief would not be able to access the data on the computer without knowing your Windows account credentials. On the other hand, it is precisely these users who are most likely to be affected by the SSD slowdown, because business admins often install Windows 11 with the default settings, and thus with the software BitLocker activated.
If you are absolutely sure that the data on your SSD does not need to be backed up in encrypted form, then software BitLocker can be deactivated with the following command. To do this, you need to call up the command line with admin rights and enter:
manage-bde -off C:
The “C:” must be replaced by the drive letter of the encrypted drive if necessary. After restarting your computer, the change becomes active immediately.
Reinstallation necessary when switching to hardware BitLocker encryption
It becomes more complicated if you want to switch from BitLocker software encryption to BitLocker hardware encryption under Windows 11 Pro. The first prerequisite is, of course, that the SSD in the computer supports this hardware encryption.
In the next step, however, a complete reinstallation of Windows 11 Pro is necessary. A few more things need to be taken into account. Detailed instructions on how to activate hardware encryption under Windows 11 Pro, using the Samsung 980 Pro as an example, can be found in this helpful blog post.
You don’t necessarily need to encrypt your full drive, however, nor is BitLocker your only option. For more information, check out our guide on how to encrypt files in Windows.