It seems obvious in retrospect, but thanks to the performance gains in modern SSDs, Microsoft has started rolling out hardware-accelerated BitLocker capabilities in Windows 11 and Windows Server 2025.
“As Non-Volatile Memory Express (NVMe) drives continue to evolve, their ability to deliver extremely fast data transfer rates has set new expectations for system responsiveness and application performance,” Microsoft’s Rafal Sosnowski explains. “While this is a major benefit for users, it also means that any additional processing, such as real-time encryption and decryption by BitLocker, can become a bottleneck if not properly optimized.”
To address this issue, Microsoft announced hardware-accelerated BitLocker at Ignite 2025 back in November, after having added it to the latest versions of Windows 11 (25H2) and Windows Server (2025 with the September Update) alongside UFS (Universal Flash Storage) Inline Crypto Engine technology. Both of these new features allow BitLocker to take advantage of upcoming system on chip (SoC) and central processing unit (CPU) capabilities to achieve better performance and security for current and future NVMe drives, Microsoft says.
As for hardware-accelerated BitLocker, the software giant claims this addition provides an average 70 percent reduction in CPU usage, which will improve battery life. As important, this change means that using BitLocker with an NVMe-based SSD will approach the same performance as using that type of drive without encryption.
You can check to see whether your PC or server is using hardware-accelerated BitLocker using the following command line with admin privileges:
manage-bde -status
The “Encryption Method” entry in the output will note that the drive is “Hardware Accelerated” if it’s enabled. I assume this won’t work in Windows 11 Home as that release supports a full disk encryption feature called Device Encryption but not the full BitLocker experience.