I beg to differ on the ease-to-install bit. The default install (at least on the laptop I'm using) just used TPM, or a recovery key. No password required at bootup. Sure, the drive is encrypted, so if someone rips it out of the laptop it's useless(*), but if someone has access to the whole laptop, there's no protection at all.
Had to spend quite a bit of time researching and finding the right Group Policies to edit (I don't use/admin Windows all that much) until I got an option in the control panel allowing me to specify a bootup password.
Completely fail to understand what the point of the default install was.