@Sky-Knight The issue is MS has at least 1 simple solution in front of them: Pro vs Home provides a distinction that can reasonably be used to determine when this may need to be enabled OOB vs when it should not be.
Yeah... I know. The obvious is staring everyone in the face here.
But the way MS looks at Home edition is that of a testing pool.
Home users get new broken toys.
Pro users get the ability to configure delays on those new toys, hopefully they are less broken.
Enterprise users have even more tools to control and test updates.
Government / Military users get things dead last after all of the above.
So while Microsoft could say... hmm home users... you don't get encryption by default. They won't because they are using the home users as the top of the testing funnel of new software. Toss in the PR stupidity thanks to everything being Microsoft's fault and BOOOM. Windows 11 Home edition requires a Microsoft account during OOBE because the encryption is armed, and that recovery key needs a backup.
It does seem they've jumped the shark shoveling encryption in the partition table earlier than the key is backed up... but I'm not sure if this change is the tier one OEMs or Microsoft driven.
What I do know, is every endpoint will be encrypted. I don't care what ignorant Brian says up there. What I'm talking about in this thread is not belief. I literally was in a meeting with Microsoft employees as they laid out a general roadmap. Now, that meeting did not provide an explicit, on such and such a date, filesystem encryption will be required for all filesystems supported by Windows. But that is a lesson buried between the lines when they speak about the other security initiatives surrounding the platform.
And oddly enough much of that is being driven by malware. The telemetry states a system with TPM and encryption enabled is 60% less likely to contract malware of any sort. The TPM and EFI integrations that come from it are the root of Microsoft's current desktop security efforts. They will not let you sidestep them. The only reason we have wiggle room right now is we have to continue to support Windows 10! But I suppose that is our saving grace here, Windows 10 loses support October of 2025, and extended updates will continue for 3 more years. That makes October 2028 the earliest possible time Microsoft would enforce such a change.
That may well be simply "Windows 12" too, hard to say for sure with a half of a decade between here and there. What I do know is, everyone here has precious little time, and keeping up with Microsoft is how we all get paid. So at least on this one thing, people have some more information.