Microsoft have had a data encryption service called Bitlocker for some time. Historically, this has allowed any users of the Pro version of Windows to encrypt all their data if they opt in. Once the next Windows feature update is released, this will be available to all, and will be the default for new installs.
For those unaware, disk encryption means that were someone to take the hard drive out of your machine and plug it in elsewhere, they wouldn't be able to get at any of the files on it. It also means that the data is inaccessible to anyone with direct access to your machine the doesn't know how to unlock it (Password, PIN, Passkey etc).
This is a very good thing in general. At the very least, it should make disposing of machines a lot safer in the future given the data is effectively inaccessible to anyone that doesn't have the key. However, there is one big side issue here that people need to be aware of...
Once Bitlocker has been enabled, everything works fine all the while Windows can boot as usual and nothing significant has changed in the background. However, there are some rare circumstances in which this doesn't happen. This can include things like system BIOS updates. This also caught a lot of people out during the recent global CrowdStrike update issue. Whatever the reason, it is possible you will at some point be prompted for your Bitlocker key. This is a 25 digit key that unlocks your encrypted data. If you know what this is and where you're keeping it safe, you can stop reading now. However, for everyone else...
We'll do a proper HowTo on this in the coming months, but in brief, to check your Bitlocker status, type "Manage Bitlocker" into Windows Search. If Bitlocker is disabled, it will give you the option to enable it. If it's already enabled, it will give you the option to backup your recovery keys. MAKE SURE YOU HAVE DONE THIS AND YOU KNOW WHERE IT IS STORED! Also, make sure that isn't stored on the drive itself - this will be useless to you should you ever need it, as you won't be able to access it because the drive will be locked.