diff --git a/windows/security/operating-system-security/data-protection/personal-data-encryption/configure.md b/windows/security/operating-system-security/data-protection/personal-data-encryption/configure.md index 35e27a8991..6e01b0471d 100644 --- a/windows/security/operating-system-security/data-protection/personal-data-encryption/configure.md +++ b/windows/security/operating-system-security/data-protection/personal-data-encryption/configure.md @@ -112,7 +112,8 @@ Alternatively, you can configure devices using the [Policy CSP][CSP-1] and [Pers When Personal Data Encryption is enabled, the user experience is as follows: - If the user signs in with Windows Hello, the user can access Personal Data Encryption protected content -- The data protected by Personal Data Encryption is only accessible when the user signs in with Windows Hello, and can be identified by the padlock icon on the file or folder +- If the user signs in without Windows Hello, the user is denied access to Personal Data Encryption protected content +- The data protected by Personal Data Encryption can be identified by the padlock icon on the file or folder :::image type="content" source="images/pde-protection.png" alt-text="Screenshot of File Explorer with some files protected by Personal Data Encryption, displaying a padlock." border="false"::: - If the user tries to sign in without using Windows Hello, a message appears on the sign in screen indicating that the user must sign in with Windows Hello to access encrypted content :::image type="content" source="images/pde-sign-in.png" lightbox="images/pde-sign-in.png" alt-text="Screenshot of the sign in screen. If a user attempts to sign in with a password, a message indicates that the files protected by Personal Data Encryption will be unavailable." border="false"::: 
diff --git a/windows/security/operating-system-security/data-protection/personal-data-encryption/faq.yml b/windows/security/operating-system-security/data-protection/personal-data-encryption/faq.yml index 1619fe87d2..c997d53aa3 100644 --- a/windows/security/operating-system-security/data-protection/personal-data-encryption/faq.yml +++ b/windows/security/operating-system-security/data-protection/personal-data-encryption/faq.yml @@ -49,3 +49,5 @@ sections: - question: Do I need to use OneDrive in Microsoft 365 as my backup provider? answer: | No, Personal Data Encryption doesn't have a requirement for a backup provider, including OneDrive in Microsoft 365. However, backups are recommended in case the keys used by Personal Data Encryption to protect files are lost. OneDrive in Microsoft 365 is a recommended backup provider. + - question: Are the files encrypted by Personal Data Encryption synced to OneDrive in an encrypted form? + answer: Personal Data Encryption ensures that files are protected from unauthorized access by encrypting them at rest. When files are synced to OneDrive, they are transferred over a secure connection. However, Personal Data Encryption's encryption only applies to local data saved to the disk. Applications accessing the files, including OneDrive when it syncs data, get cleartext data. This means that while Personal Data Encryption protects files on the local disk, the files synced to OneDrive are not encrypted by Personal Data Encryption in the cloud. 
diff --git a/windows/security/operating-system-security/data-protection/personal-data-encryption/images/pde-protection.png b/windows/security/operating-system-security/data-protection/personal-data-encryption/images/pde-protection.png index e46395d654..e895f5a68b 100644 Binary files a/windows/security/operating-system-security/data-protection/personal-data-encryption/images/pde-protection.png and b/windows/security/operating-system-security/data-protection/personal-data-encryption/images/pde-protection.png differ
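Review bot: in the configure.md hunk, the added bullet "If the user signs in without Windows Hello, the user is denied access to Personal Data Encryption protected content" overlaps with the unchanged bullet further down ("If the user tries to sign in without using Windows Hello, a message appears on the sign in screen ..."), and the two are now separated by the padlock bullet and its screenshot. Consider merging them, or moving the new bullet next to the sign-in message bullet, so the list reads in order: access with Windows Hello, no access without it (with the sign-in message), then how protected files are identified. The phrase "is denied access" could also match the sign-in screenshot's alt-text, which says the files "will be unavailable", so readers do not take it to mean that the sign-in itself is refused.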
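Review bot: in the faq.yml hunk, the new answer never gives the yes/no the question asks for until its last sentence, and it is written as a plain inline scalar while the entry directly above uses "answer: |". Suggest switching to the block form for consistency and opening with the conclusion, for example "No. Personal Data Encryption only encrypts data saved to the local disk; applications that read the files, including OneDrive when it syncs, get cleartext data." The remaining sentences can then follow as supporting detail. "Personal Data Encryption's encryption" also reads awkwardly and could become "the protection applies only to local data saved to the disk". Since the answer ends by saying the synced copies are not encrypted by Personal Data Encryption in the cloud, it would help to say in one sentence what readers should rely on for the cloud copy, or link to the relevant OneDrive documentation.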