-
-
Yes:
If you’re confident that laptops will never be lost or stolen, then:
Microsoft recommends that BitLocker Device Encryption be enabled on any systems that support it, but the automatic BitLocker Device Encryption process can be prevented by changing the following registry setting:
Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker
Value: PreventDeviceEncryption equal to True (1)
Type: REG_DWORDPrevent Bitlocker encryption during Windows 11 24H2 installation
1 user thanked author for this post.
-
-
-
PreventDeviceEncryption prevents automatic device encryption, not manual selection:
When a user boots the PC for the first time and goes through the out-of-the-box experience, device encryption, on initialization, will automatically encrypt the operating system drive and any fixed data drive using BitLocker.
Use this setting to prevent device encryption from automatically encrypting the operating system drive and any fixed data drive using BitLocker.
Automatic device encryption is never activated for a local account.
1 user thanked author for this post.
-
There now Version 136.0.3240.50: May 1, 2025, including security fixes.
1 user thanked author for this post.
-
New accounts are passwordless by default:
Brand new Microsoft accounts will now be “passwordless by default.” New users will have several passwordless options for signing into their account and they’ll never need to enroll a password. Existing users can visit their account settings to delete their password.
Passwordless-preferred sign-in:
…
After you’re signed in, you’ll be prompted to enroll a passkey. Then the next time you sign in, you’ll be prompted to sign in with your passkey. …Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins
1 user thanked author for this post.
-
-
This version includes various features such as Continue on PC for seamless content movement between devices, data sync across devices, a hub view for managing favorites and history, QR code reader, voice search, and InPrivate browsing mode that does not save browsing
Did that come from AI? All of those features are ancient.
I think 136.0.3240.50 must include security fixes, because;
April 29, 2025
Microsoft is aware of the recent Chromium security fixes. We are actively working on releasing a security fix.
1 user thanked author for this post.
-
69% of consumers have enabled passkeys on at least one of their accounts.
is encouraging, but
The availability of passkeys has steadily increased with implementation reaching 48% of the world’s top 100 websites
is slightly disappointing.
1 user thanked author for this post.
-
But users don’t have the keys on without Microsoft accounts.
A user without any Microsoft account never needs to enter a recovery key (unless they have manually enabled device encryption and therefore been prompted to backup the recovery key locally).
No local user was affected.
1 user thanked author for this post.
-
-
Well, “Home” is my version, so gpedit not available.
Use gpresult /r /z at an admin command prompt instead.
Using GPResult Command to Check Applied GPOs and RSoP Data
1 user thanked author for this post.
-
See How to Remove ‘Some Settings are Managed by Your Organization’ on Windows 11 or 10
1 user thanked author for this post.
-
Author
