Microsoft offers 2 mainstream versions of Windows - Home and Professional. This goes all the way back to Windows XP, and continues up to Windows 11. For the most part the differences between the two are minor. Most people are going to be fine with Windows Home (which costs less than Pro).
There is; however, one feature difference between the two which is critical for everyone to understand - full drive encryption. This is a feature that encrypts your drive, thereby protesting your data even if someone steals your device. The Pro version of Windows has "Bitlocker" which encrypts the drive. Home has a feature called "device encryption" which is basically Bitlocker but with 1 key difference. Bitlocker (Pro) can be enabled for both local and Microsoft Accounts, but device encryption (Home) requires a Microsoft Account. This is so annoying, on the one hand I want encrypted drives, and on the other hand I don't want to be forced into an online account. And I don't always have the luxury of Windows Pro (it mostly depends on what the machine shipped with, which in turn is reflected in the original cost of the machine). Wouldn't it be great if you could have Windows Home, enable drive encryption, and still use a local account? Well it turns out you can!!! This guide will show you how.
The short answer is - you need to log into a Microsoft Account, but only temporarily. Let's walk though this step by step. If you're reading this guide then I'm going to assume you are running Windows Home. I'm also going to assume that you have a local account (you've used one of the many methods to bypass the requirement for a Microsoft Account). To start, open a command prompt with admin privileges (right-click and select "Run as administrator"). Enter the command "manage-bde -status" This command will print the current status drive encryption. In the output look for the following:
Conversion Status: Used Space Only Encrypted
Protection Status: Protection Off
The conversion status "used space only encrypted" means the files on the drive are encrypted (the empty space on the drive is not encrypted). But the "protection status" is off. How can this be? What this means is the drive is encrypted, but the decryption keys are stored in plaintext on the local drive. So a casual attacker could not view your files, but a skilled attacker would know how to recover the key and decrypt your files. With Windows Pro, Microsoft offers a way to save the key to a file which removes it from the drive and ensures total security. But with Windows Home, the only place to save the key is in the Cloud.
To solve this problem, create a new account on your computer. Use an email address so that it is a cloud account. And make the account into an administrator account. Then simply log into that account once. At this point the encryption keys are moved from the local drive to the cloud. Go ahead and log out of the Microsoft Account and log back into your local account.
If you re-run the manage-bde command from earlier you should see:
Conversion Status: Used Space Only Encrypted
Protection Status: Protection On
As you can see, your drive is now encrypted and the recovery key is no longer stored locally. Next, open a web browser and log into your cloud account at https://account.microsoft.com/account Under "devices" click on your computer, then view more details about the device, and lastly under Bitlocker is a link to manage recovery keys. From here you need to copy your key info and save it in a text file. Don't be dumb, save the file to a drive other than the encrypted drive. Maybe an external USB drive, a NAS, a thumb drive, or a printed copy.
At this point you just need to clean everything up. Go back into Settings on your PC and you can delete the Microsoft Account you created. You can delete your recovery keys from the online Microsoft Account. You could even delete your entire Microsoft Account if you so wish. You now have Windows Home with only a local account and device encryption is fully enabled!
