From 0563fd61d646f13255d4fbc03e9cbe0c630f97f3 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 11 Oct 2023 11:05:02 -0400 Subject: [PATCH] acrolinx --- .../bitlocker/preboot-recovery-screen.md | 29 ++++++++++--------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md b/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md index 5ffbd27857..7579e58096 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md @@ -18,7 +18,7 @@ This article describes the information displayed in the preboot recovery screen :::row::: :::column span="2"::: - By default, the BitLocker recovery screen displays a generic message and the default url *aka.ms/recoverykeyfaq*. + By default, the BitLocker recovery screen displays a generic message and the url **https://aka.ms/recoverykeyfaq**. :::column-end::: :::column span="2"::: :::image type="content" source="images/preboot-recovery.png" alt-text="Screenshot of the default BitLocker recovery screen." lightbox="images/preboot-recovery.png" border="false"::: @@ -27,7 +27,7 @@ This article describes the information displayed in the preboot recovery screen ## Custom recovery message -BitLocker policy settings allow to configure a custom recovery message and URL on the BitLocker recovery screen. The custom recovery message and URL can include the address of the BitLocker self-service recovery portal, the IT internal website, or a phone number for support. +With BitLocker policy settings, you can configure a custom recovery message and URL on the BitLocker preboot recovery screen. The custom recovery message and URL can include the address of the BitLocker self-service recovery portal, the IT internal website, or a phone number for support. :::row::: :::column span="2"::: @@ -46,7 +46,7 @@ BitLocker policy settings allow to configure a custom recovery message and URL o :::column-end::: :::row-end::: -For more information, see [Configure preboot recovery message and URL](policy-settings.md?tabs=os#configure-preboot-recovery-message-and-url). +For more information how to configure a custom recovery message with policy settings, see [Configure preboot recovery message and URL](policy-settings.md?tabs=os#configure-preboot-recovery-message-and-url). ## Recovery key hints @@ -58,11 +58,14 @@ There are rules governing which hint is shown during the recovery (in the order 1. Always display generic hint: **For more information, go to https://aka.ms/recoverykeyfaq** 1. If multiple recovery keys exist on the volume, prioritize the last-created (and successfully backed up) recovery key 1. Prioritize keys with successful backup over keys that have never been backed up -1. Prioritize backup hints in the following order for remote backup locations: **Microsoft Account > Microsoft Entra ID > Active Directory** +1. Prioritize backup hints in the following order for remote backup locations: + - Microsoft account + - Microsoft Entra ID + - Active Directory 1. If a key has been printed and saved to file, display a combined hint **Look for a printout or a text file with the key**, instead of two separate hints 1. If multiple backups of the same type (remove vs. local) were done for the same recovery key, prioritize backup info with latest backup date 1. There's no specific hint for keys saved to an on-premises Active Directory. In this case, a custom message (if configured) or a generic message, **Contact your organization's help desk**, is displayed -1. If two recovery keys are present, but only one was backed up, the system asks for the backed up key, even if the other key is newer +1. If two recovery keys are present and only one backed up, the system asks for the backed up key, even if the other key is newer :::row::: :::column span="4"::: @@ -74,7 +77,7 @@ There are rules governing which hint is shown during the recovery (in the order In this scenario, the recovery password is saved to a file > [!IMPORTANT] - > It's not recommend to print recovery keys or saving them to a file. Instead, use Microsoft Account, Microsoft Entra ID or Active Directory backup. + > It's not recommend to print recovery keys or saving them to a file. Instead, use Microsoft account, Microsoft Entra ID or Active Directory backup. :::column-end::: :::column span="2"::: @@ -89,11 +92,11 @@ There are rules governing which hint is shown during the recovery (in the order :::row::: :::column span="2"::: In this scenario, a custom URL is configured. The recovery password is: - - saved to Microsoft Account + - saved to Microsoft account - not printed - not saved to a file - **Result:** the hints for the Microsoft account and custom URL are displayed. + **Result:** the hints for the custom URL and the Microsoft account (**https://aka.ms/myrecoverykey**) are displayed. :::column-end::: :::column span="2"::: :::image type="content" source="images/preboot-recovery-custom-url-single-backup.png" alt-text="Screenshot of the BitLocker recovery screen showing a custom URL and the hint where the BitLocker recovery key was saved." lightbox="images/preboot-recovery-custom-url-single-backup.png" border="false"::: @@ -125,15 +128,15 @@ There are rules governing which hint is shown during the recovery (in the order :::row::: :::column span="2"::: In this scenario, the recovery password is: - - saved to Microsoft Account + - saved to Microsoft account - saved to Microsoft Entra ID - printed - saved to file - **Result:** only the Microsoft Account hint is displayed. + **Result:** only the Microsoft account hint (**https://aka.ms/myrecoverykey**) is displayed. :::column-end::: :::column span="2"::: - :::image type="content" source="images/preboot-recovery-multiple-backups.png" alt-text="Screenshot of the BitLocker recovery screen showing only the Microsoft Account hint." lightbox="images/preboot-recovery-multiple-backups.png" border="false"::: + :::image type="content" source="images/preboot-recovery-multiple-backups.png" alt-text="Screenshot of the BitLocker recovery screen showing only the Microsoft account hint." lightbox="images/preboot-recovery-multiple-backups.png" border="false"::: :::column-end::: :::row-end::: :::row::: @@ -171,7 +174,7 @@ There are rules governing which hint is shown during the recovery (in the order In this scenario, there are two recovery passwords. The recovery password #1 is: - - Saved to Microsoft Account + - Saved to Microsoft account - Saved to Microsoft Entra ID - creation time: **1PM** - key ID: **4290B6C0-B17A-497A-8552-272CC30E80D4** @@ -181,7 +184,7 @@ There are rules governing which hint is shown during the recovery (in the order - creation time: **3PM** - key ID: **045219EC-A53B-41AE-B310-08EC883AAEDD** - **Result:** the hint for the most recent key is displayed. + **Result:** the Microsoft Entra ID hint (**https://aka.ms/aadrecoverykey**), which is the most recent key saved, is displayed. :::column-end::: :::column span="2"::: :::image type="content" source="images/preboot-recovery-multiple-passwords-multiple-backups.png" alt-text="Screenshot of the BitLocker recovery screen showing the key ID of the most recent key." lightbox="images/preboot-recovery-multiple-passwords-multiple-backups.png" border="false":::