Device Encryption is a new consumer-oriented security feature of Windows 8.1 that automatically encrypts the Operating System (OS) drive and all fixed data drives. Rather than requiring the user or administrator to enable and configure the encryption, the platform’s drives are encrypted out-of-the-box. The encryption is invisible during normal use: users can log in and use the system just as they would use an unencrypted system. If someone stole the system however he wouldn’t be able to get at any of the data without knowing the user account’s password. This is because the device encryption key is protected by a secret derived from the user account’s password. You can check the Device Encryption status of your Windows 8.1 system at the bottom of the “PC Info” section in the device settings.
Device Encryption is available in every Windows 8.1 edition – not just the enterprise editions, but also the consumer ones – and can be used on both x86 and x-64 platforms. To support Device Encryption, your Windows 8.1 platform must have a version 2.0 (v2.0) Trusted Platform Module – as specified in the Windows Hardware Certification Kit (HCK) requirements for TPM and SecureBoot on ConnectedStandby systems Your system must also support connected standby – a new power state that with very low power consumption that also maintains Internet connectivity.
Under the hood Device Encryption uses BitLocker and 128-bit AES symmetric encryption.