Microsoft has admitted that turning on BitLocker on PCs with NVMe SSDs can have a noticeable performance impact, but it does not necessarily mean that every PC with BitLocker is hurting the performance of your apps or games. In fact, in most cases, performance cost is barely visible.
According to Microsoft, historically, BitLocker's overhead was "single digit" % most of the time, and only in certain conditions.
BitLocker used to be an optional feature, but when Windows 11 24H2 shipped, Windows Latest observed that BitLocker is now turned on by default. BitLocker is not automatically turned on when you upgrade from Windows 11 23H2 to 24H2, but if you buy a new PC or clean install Windows 11 24H2/25H2, it'll be turned on by default.
In a support document, Microsoft argues that BitLocker is a "valuable" feature if your device is lost or stolen. That's because BitLocker encrypts your drives and protects your data.
According to Microsoft, BitLocker also comes at the cost of performance, especially when you have one of those newer, powerful NVMe SSDs with higher I/O cycles, as it results in increased CPU usage for decryption.
Microsoft argues that NVMe drives have significantly improved, and drives now have higher I/O per second. While it's a good thing for performance, higher I/O per second also means that the CPU needs to spend a noticeable chunk of time just doing BitLocker's AES crypto to keep up with all those reads or writes.
All of that leads to a higher proportion of CPU cycles when BitLocker is turned on, and it's more noticeable in heavy I/O situations, such as gaming.
"While this is a major benefit for users, it also means that any additional processing -- such as real-time encryption and decryption by BitLocker -- can become a bottleneck if not properly optimized," Microsoft noted in a support document.
To put it simply, there'll be higher CPU cycles automatically when you're performing drive-intensive tasks that require higher read and write. For example, you'll notice increased CPU usage when:
Or similar "resource-intensive" activities on NVMe drives when BitLocker is turned on. However, there's a workaround, which requires newer PCs that support the "hardware-accelerated BitLocker" feature.
In Windows 11 KB5065426 (26100.6584 26200.6584) or newer, Microsoft turned on the hardware-accelerated BitLocker feature in Windows 11. With this feature, Microsoft says the crypto work is offloaded from the CPU to a dedicated crypto engine on the SoCCPU, and keys can be hardware-protected.
This results in reduced CPU usage and improved battery life, but the only catch is that it requires supported hardware.
"BitLocker will take advantage of upcoming system on chip (SoC) and central processing unit (CPU) capabilities to achieve better performance and security for current and future NVMe drives," Microsoft noted.
This is the most critical part of the test, showing the impact of encryption on drive speed. While sequential read/write speeds remain largely unaffected, the difference in random input/output operations is significant.
Now, let's take a look at how hardware-based BitLocker compares against software-based BitLocker when the device is running Windows 11:
While large file transfers remain similar between the two configurations, Hardware Acceleration significantly improves Random 4K performance (small file operations).
Device B doubled the speed in most random write/read scenarios compared to software encryption.
You need to run a command-line tool () to verify the underlying technology being used on your PCs.