deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 11:53:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update prepare-your-organization-for-bitlocker-planning-and-policies.md

Browse Source 
https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/abe1d71a-f2e5-4c62-bb68-030266f1f300#CORRECTNESS
Line 78: you're > you'll
Line 151: Space Only, only > Space Only, just
Line 186: - Recovery unlock using the FIPS-compliant algorithm based recovery password protector work in all cases that currently work for recovery passwords. > - Recovery unlock using the FIPS-compliant, algorithm-based recovery password protector works in all cases that currently work for recovery passwords.
This commit is contained in:
Angela Fleischmann
2022-10-18 14:51:56 -06:00
committed by GitHub
parent c013cf5131
commit 1cbedb5204
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
View File

@ -75,7 +75,7 @@ On computers that don't have a TPM version 1.2 or higher, you can still use Bit
**Will you support computers without TPM version 1.2 or higher?** **Will you support computers without TPM version 1.2 or higher?**
Determine if you're support computers that don't have a TPM version 1.2 or higher. If you support BitLocker on this type of computer, a user must use a USB startup key to boot the system. This startup key requires extra support processes similar to multifactor authentication. Determine if you'll support computers that don't have a TPM version 1.2 or higher. If you support BitLocker on this type of computer, a user must use a USB startup key to boot the system. This startup key requires extra support processes similar to multifactor authentication.
**What areas of your organization need a baseline level of data protection?** **What areas of your organization need a baseline level of data protection?**
@ -148,7 +148,7 @@ The BitLocker Setup wizard provides administrators the ability to choose the Use
Launching the BitLocker Setup wizard prompts for the authentication method to be used (password and smart card are available for data volumes). Once the method is chosen and the recovery key is saved, you're asked to choose the drive encryption type. Select Used Disk Space Only or Full drive encryption. Launching the BitLocker Setup wizard prompts for the authentication method to be used (password and smart card are available for data volumes). Once the method is chosen and the recovery key is saved, you're asked to choose the drive encryption type. Select Used Disk Space Only or Full drive encryption.
With Used Disk Space Only, only the portion of the drive that contains data will be encrypted. Unused space will remain unencrypted. This behavior causes the encryption process to be much faster, especially for new PCs and data drives. When BitLocker is enabled with this method, as data is added to the drive, the portion of the drive used is encrypted. So, there's never unencrypted data stored on the drive. With Used Disk Space Only, just the portion of the drive that contains data will be encrypted. Unused space will remain unencrypted. This behavior causes the encryption process to be much faster, especially for new PCs and data drives. When BitLocker is enabled with this method, as data is added to the drive, the portion of the drive used is encrypted. So, there's never unencrypted data stored on the drive.
With Full drive encryption, the entire drive is encrypted, whether data is stored on it or not. This option is useful for drives that have been repurposed, and may contain data remnants from their previous use. With Full drive encryption, the entire drive is encrypted, whether data is stored on it or not. This option is useful for drives that have been repurposed, and may contain data remnants from their previous use.
@ -183,7 +183,7 @@ But on computers running these supported systems with BitLocker enabled:
- FIPS-compliant recovery password protectors can be created when Windows is in FIPS mode. These protectors use the FIPS 140 NIST SP800-132 algorithm. - FIPS-compliant recovery password protectors can be created when Windows is in FIPS mode. These protectors use the FIPS 140 NIST SP800-132 algorithm.
- Recovery passwords created in FIPS mode on Windows 8.1 can be distinguished from recovery passwords created on other systems. - Recovery passwords created in FIPS mode on Windows 8.1 can be distinguished from recovery passwords created on other systems.
- Recovery unlock using the FIPS-compliant algorithm based recovery password protector work in all cases that currently work for recovery passwords. - Recovery unlock using the FIPS-compliant, algorithm-based recovery password protector works in all cases that currently work for recovery passwords.
- When FIPS-compliant recovery passwords unlock volumes, the volume is unlocked to allow read/write access even while in FIPS mode. - When FIPS-compliant recovery passwords unlock volumes, the volume is unlocked to allow read/write access even while in FIPS mode.
- FIPS-compliant recovery password protectors can be exported and stored in AD a while in FIPS mode. - FIPS-compliant recovery password protectors can be exported and stored in AD a while in FIPS mode.