From 117beb40564a3af51a397879728508f7dd88d811 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Mon, 19 Sep 2022 14:09:57 -0400 Subject: [PATCH] Update PDE Docs 15 - Add FAQ YAML --- .../personal-data-encryption/faq-pde.md | 2 +- .../personal-data-encryption/faq-pde.yml | 60 +++++++++++++++++++ .../personal-data-encryption/overview-pde.md | 4 +- 3 files changed, 63 insertions(+), 3 deletions(-) create mode 100644 windows/security/information-protection/personal-data-encryption/faq-pde.yml diff --git a/windows/security/information-protection/personal-data-encryption/faq-pde.md b/windows/security/information-protection/personal-data-encryption/faq-pde.md index 6c202e3473..00f774b64f 100644 --- a/windows/security/information-protection/personal-data-encryption/faq-pde.md +++ b/windows/security/information-protection/personal-data-encryption/faq-pde.md @@ -15,7 +15,7 @@ ms.date: 09/22/2022 -## Personal Data Encryption (PDE) FAQ +# Personal Data Encryption (PDE) FAQ **Can PDE encrypt entire volumes or drives?**
No. PDE only encrypts specified files. diff --git a/windows/security/information-protection/personal-data-encryption/faq-pde.yml b/windows/security/information-protection/personal-data-encryption/faq-pde.yml new file mode 100644 index 0000000000..c0f9fc0568 --- /dev/null +++ b/windows/security/information-protection/personal-data-encryption/faq-pde.yml 
@@ -0,0 +1,60 @@ +### YamlMime:FAQ +metadata: + title: Frequently asked questions for Personal Data Encryption (PDE) + description: Answers to common questions regarding Personal Data Encryption (PDE). + +title: Frequently asked questions for Personal Data Encryption (PDE) +summary: | + Here are some answers to common questions regarding Personal Data Encryption (PDE) + +sections: + - name: Single section - ignored + questions: + - question: Can PDE encrypt entire volumes or drives? + answer: | + No. PDE only encrypts specified files. + + - question: Is PDE a replacement for BitLocker? + answer: | + No. It's still recommended to encrypt all volumes with BitLocker Drive Encryption for increased security. + + - question: Can an IT admin specify which files should be encrypted? + answer: | + Yes, but it can only be done using the PDE APIs. + + - question: Do I need to use OneDrive as my backup provider? + answer: | + No. PDE doesn't have a requirement for a backup provider including OneDrive. However, backups are strongly recommended in case the encryption keys used by PDE are lost. OneDrive is a recommended backup provider. + + - question: What is the relation between Windows Hello for Business and PDE? + answer: | + Windows Hello for Business unlocks PDE encryption keys during user sign on. + + - question: Can a file be encrypted with both PDE and EFS at the same time? + answer: | + No. PDE and EFS are mutually exclusive. + + - question: Can a PDE encrypted files be accessed after signing on via a Remote Desktop connection (RDP)? + answer: | + No. Accessing PDE encrypted files over RDP isn't currently supported. + + - question: Can PDE encrypted files be access via a network share? + answer: | + No. PDE encrypted files can only be accessed after signing on locally to Windows with Windows Hello for Business credentials. + + - question: How can it be determined if a file is encrypted with PDE? + answer: | + Encrypted files will show a padlock on the file's icon. 
Additionally, `cipher.exe` can be used to show the encryption state of the file. + + - question: Can users manually encrypt and decrypt files with PDE? + answer: | + Currently users can decrypt files manually but they can't encrypt files manually. + + - question: If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their PDE encrypted files? + answer: | + No. PDE encryption keys are protected Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics. + +additionalContent: | + ## See also + - [Personal Data Encryption (PDE)](overview-pde.md) + - [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md) \ No newline at end of file diff --git a/windows/security/information-protection/personal-data-encryption/overview-pde.md b/windows/security/information-protection/personal-data-encryption/overview-pde.md index e0a9b0133d..6f8904b046 100644 --- a/windows/security/information-protection/personal-data-encryption/overview-pde.md +++ b/windows/security/information-protection/personal-data-encryption/overview-pde.md 
@@ -32,12 +32,12 @@ ms.date: 09/22/2022 - [FIDO/security key authentication](../../identity-protection/hello-for-business/microsoft-compatible-security-key.md) - [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-) - For information on disabling ARSO via Intune, please see [Disable Winlogon automatic restart sign-on (ARSO)](configure-pde-in-intune.md#disable-winlogon-automatic-restart-sign-on-arso)). - - [Windows Information Protection (WIP)](windows-information-protection/protect-enterprise-data-using-wip.md) + - [Windows Information Protection (WIP)](../windows-information-protection/protect-enterprise-data-using-wip.md) - [Hybrid Azure AD joined devices](/azure/active-directory/devices/concept-azure-ad-join-hybrid) - Remote Desktop connections ### **Highly recommended** - - [BitLocker Drive Encryption](bitlocker/bitlocker-overview.md) enabled + - [BitLocker Drive Encryption](../bitlocker/bitlocker-overview.md) enabled - Although PDE will work without BitLocker, it's recommended to also enable BitLocker. PDE is meant to supplement BitLocker and not replace it. - Backup solution such as [OneDrive](/onedrive/onedrive) - In certain scenarios such as TPM resets or destructive PIN resets, the PDE encryption keys can be lost. In such scenarios, any file encrypted with PDE will no longer be accessible. The only way to recover such files would be from backup.
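Review bot: In faq-pde.md the only change is the heading level (`##` to `#`), but the new faq-pde.yml repeats the same questions and answers, for example "Can PDE encrypt entire volumes or drives?", so the FAQ now lives in two files that can drift apart. Suggest removing or redirecting faq-pde.md in this change, or saying in the commit message why both are kept.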
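Review bot: In faq-pde.yml the answer to the password sign-in question reads "PDE encryption keys are protected Windows Hello for Business credentials", which is missing "by" and so misstates what protects the keys; it should read "protected by Windows Hello for Business credentials". In the same file, "Can a PDE encrypted files be accessed" should drop the "a", "Can PDE encrypted files be access via a network share?" should say "accessed", and the See also link text has "polices" for "policies". The file also ends without a trailing newline.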
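Review bot: In overview-pde.md the unchanged ARSO line inside this hunk ends its link with `(configure-pde-in-intune.md#disable-winlogon-automatic-restart-sign-on-arso)).`, which leaves one closing parenthesis too many in the rendered sentence. Since this hunk is already correcting links, drop the extra `)` here as well, and confirm with a docs build that the two new `../` targets for the WIP and BitLocker links resolve.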