tabs

windows/security/operating-system-security/data-protection/bitlocker/configure.md

@@ -252,44 +252,7 @@ Administrators can enable BitLocker prior to operating system deployment from th
 
 Decrypting volumes removes BitLocker and any associated protectors from the volumes. Decryption should occur when protection is no longer required. BitLocker decryption shouldn't occur as a troubleshooting step. BitLocker can be removed from a volume using the BitLocker control panel applet, `manage-bde.exe`, or Windows PowerShell cmdlets. We'll discuss each method further below.
 
-### Decrypting volumes using the BitLocker control panel applet
 
-BitLocker decryption using the control panel is done using a wizard. The control panel can be called from Windows Explorer or by opening it directly. After opening the BitLocker control panel, users will select the **Turn off BitLocker** option to begin the process.
-After selecting the **Turn off BitLocker** option, the user chooses to continue by clicking the confirmation dialog. With **Turn off BitLocker** confirmed, the drive decryption process begins and reports status to the control panel.
-
-The control panel doesn't report decryption progress but displays it in the notification area of the task bar. Selecting the notification area icon will open a modal dialog with progress.
-
-Once decryption is complete, the drive updates its status in the control panel and becomes available for encryption.
-
-### Decrypting volumes using the `manage-bde.exe` command-line interface
-
-Decrypting volumes using `manage-bde.exe` is straightforward. Decryption with `manage-bde.exe` offers the advantage of not requiring user confirmation to start the process. Manage-bde uses the -off command to start the decryption process. A sample command for decryption is:
-
-```powershell
-manage-bde.exe -off C:
-```
-
-This command disables protectors while it decrypts the volume and removes all protectors when decryption is complete. If users wish to check the status of the decryption, they can use the following command:
-
-```powershell
-manage-bde.exe -status C:
-```
-
-### Decrypting volumes using the BitLocker Windows PowerShell cmdlets
-
-Decryption with Windows PowerShell cmdlets is straightforward, similar to `manage-bde.exe`. Windows PowerShell offers the ability to decrypt multiple drives in one pass. In the example below, the user has three encrypted volumes, which they wish to decrypt.
-
-Using the Disable-BitLocker command, they can remove all protectors and encryption at the same time without the need for more commands. An example of this command is:
-
-```powershell
-Disable-BitLocker
-```
-
-If a user didn't want to input each mount point individually, using the `-MountPoint` parameter in an array can sequence the same command into one line without requiring additional user input. An example command is:
-
-```powershell
-Disable-BitLocker -MountPoint E:,F:,G:
-```
 
 ## PowerShell examples
 

windows/security/operating-system-security/data-protection/bitlocker/images/cmd.svg

@@ -1,9 +1,9 @@
-<svg width="21" height="21" viewBox="0 0 21 21" fill="none" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+<svg width="20" height="17" viewBox="0 0 20 17" fill="none" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
-<rect width="21" height="21" fill="url(#pattern0)"/>
+<rect width="20" height="16.6667" fill="url(#pattern0)"/>
 <defs>
 <pattern id="pattern0" patternContentUnits="objectBoundingBox" width="1" height="1">
-<use xlink:href="#image0_61_1263" transform="scale(0.03125)"/>
+<use xlink:href="#image0_62_1269" transform="scale(0.0333333 0.04)"/>
 </pattern>
-<image id="image0_61_1263" width="32" height="32" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAFiUAABYlAUlSJPAAAAIHSURBVFhH7ZdLaxpRGIaHKBEJQUFxIQjeEEFFEEUUEURURNS/0X3IIlAC5qKdaLFSqylNfk+beF8lK7PLX7CrvD2fN2Z0EiQ4GqgvPDgevzPfM8NBzuF22Xr4Su1z4eILNslFsVxgrfcZe1yJL788Dp8xeHhiDNfKp5Oa5CdJsOaGsUS19mPU7Q8wpzdAR5I+Ot0+2nN6aHUm0DjN6/ZZDauj32n8vt3FXauDP/dt/L5rzZkK2BgHXPP6dpTP50Hkcjlks1lkMhmk02mkUikkEgnE43HEYjFEo1FEIhGEw2EEg0H4/X74fD54vV54PB64XC44nU44HA5YLBYYjUbodDqo1WpqOGcq4GAcMoGb7Qo0mr+2K1Bv/Py7KDDLawIU2QQoszdAmQlQZBGo1Zvj5lICb70BykzA7XbDbrfDarXCbDbDZDJBr9dDq9VCo9FApVKtRyAUCo2f1GazjesoSqVSdPNVWFmAQk3pySjCmxBSY6sgEvj2vSESEC5Cen3CiYtQhNdvRThPJMD+CUUCgUBgadGsG0mBZDIJg8GwVCwHSwK0uhdXqpyIBEr8VygUiqUiOREJTL9slJ3ATmAn8LEEaI9+Wrgc0eB7OC9eochXwFeqKF1VcVkq40yiTsjR8UmdNZ/silnogEB7dBogq01AvSbnApa96QXZHG4I6jU5Gf3n4bh/yEbmXwyqKk4AAAAASUVORK5CYII="/>
+<image id="image0_62_1269" width="30" height="25" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAZCAYAAAAmNZ4aAAAACXBIWXMAABYlAAAWJQFJUiTwAAAAB3RJTUUH5woDFCEoPZWAYAAAAftJREFUSA3tVk9r6kAQ/2UTqXjyQ/gppFDwJGK9Puih936BnkqLbXm80kLpofTe44MHDysifTxvguLFD6B39SKpYuKfbJpZzdakNqDY9NKBzf5mZjM/djKzG+Xq5u7ENI0LhCgqU881bk3OfxwcYjweO9T2VukfHp9wdLgP//z3z+9T5fbu3tjb241KRod7Nf3c8eazYS8UpihQnAFlbiO77Tz8w+V4/vcfWnQnivzZqbC5CznnWDUsy5J2wq7uzvSOi6fTqcgiZXI0GsEwDJcX+ctfYB/tT676JMBol18hjNvc+TheKRaLKJVKXuOSVq1Wl7TNoJNqrxQKBWSzWWQyGZTLZemsVCoSbwMwi/OdjwKl02npSqVSEhOo1WpSp4Ki4qFhmqaYB4OBKKrZbCYKUi5eAM1vCNKpUofDIRKJBFqtFhqNBiKRCCj4uhJITKlOJpPodrtot9vzXl0wUN9SYW5CSiE0f1XncjlQcZHE43Houi6wOCAEWv3wx/Gv8r+v2dzbTp1OB7FYzNPw/iCuvhxsGbv+oFmmmgqj2Wyi1+sFrd+aTxD3+33U6/XFRbG12IGBNCp/OhCoJcIUNnFaJGxS2uC7kyusXX8Th5Xp728cWqahXP68zk+mk2NVVd/+NNfgZ4xBVWmozr0LcGsmzgXvDeAN+KLr969xFx5PHHC7ewAAAABJRU5ErkJggg=="/>
 </defs>
 </svg>

windows/security/operating-system-security/data-protection/bitlocker/manage.md

@@ -16,7 +16,7 @@ The tools can be used to perform any tasks that can be accomplished through the
 
 Follow the instructions below to configure your devices, selecting the option that best suits your needs.
 
-#### [:::image type="icon" source="images/powershell.png"::: **PowerShell**](#tab/powershell)
+#### [:::image type="icon" source="images/powershell.svg"::: **PowerShell**](#tab/powershell)
 
 Similar to manage-bde, the PowerShell cmdlets allow configuration beyond the options offered in the control panel. A good initial step is to determine the current state of the volume(s) on the computer. For example, to determine the current state of a volume you can use the `Get-BitLockerVolume` cmdlet, which provides information on the volume type, protectors, protection status, and other details.
 
@@ -132,9 +132,8 @@ The above command encrypts the drive using the TPM as the default protector. If
 ## Manage data volumes
 
 Follow the instructions below to configure your devices, selecting the option that best suits your needs.
-<!--
+
-#### [:::image type="icon" source="images/powershell.png"::: **PowerShell**](#tab/powershell)-->
+#### [:::image type="icon" source="images/powershell.svg"::: **PowerShell**](#tab/powershell)
-#### [PowerShell](#tab/powershell)
 
 Data volume encryption using Windows PowerShell is the same as for operating system volumes. Add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a
 SecureString value to store the user-defined password.
@@ -266,3 +265,51 @@ Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup "<SID>
 
 > [!NOTE]
 > Active Directory-based protectors are normally used to unlock Failover Cluster-enabled volumes.
+
+
+
+### Decrypt volumes
+
+#### [:::image type="icon" source="images/powershell.svg"::: **PowerShell**](#tab/powershell)
+
+
+Decryption with Windows PowerShell cmdlets is straightforward, similar to `manage-bde.exe`. Windows PowerShell offers the ability to decrypt multiple drives in one pass. In the example below, the user has three encrypted volumes, which they wish to decrypt.
+
+Using the Disable-BitLocker command, they can remove all protectors and encryption at the same time without the need for more commands. An example of this command is:
+
+```powershell
+Disable-BitLocker
+```
+
+If a user didn't want to input each mount point individually, using the `-MountPoint` parameter in an array can sequence the same command into one line without requiring additional user input. An example command is:
+
+```powershell
+Disable-BitLocker -MountPoint E:,F:,G:
+```
+
+
+#### [:::image type="icon" source="images/cmd.svg"::: **Command Prompt**](#tab/cmd)
+
+
+Decrypting volumes using `manage-bde.exe` is straightforward. Decryption with `manage-bde.exe` offers the advantage of not requiring user confirmation to start the process. Manage-bde uses the -off command to start the decryption process. A sample command for decryption is:
+
+```powershell
+manage-bde.exe -off C:
+```
+
+This command disables protectors while it decrypts the volume and removes all protectors when decryption is complete. If users wish to check the status of the decryption, they can use the following command:
+
+```powershell
+manage-bde.exe -status C:
+```
+
+#### [:::image type="icon" source="images/controlpanel.svg"::: **Control Panel**](#tab/controlpanel)
+
+BitLocker decryption using the control panel is done using a wizard. The control panel can be called from Windows Explorer or by opening it directly. After opening the BitLocker control panel, users will select the **Turn off BitLocker** option to begin the process.
+After selecting the **Turn off BitLocker** option, the user chooses to continue by clicking the confirmation dialog. With **Turn off BitLocker** confirmed, the drive decryption process begins and reports status to the control panel.
+
+The control panel doesn't report decryption progress but displays it in the notification area of the task bar. Selecting the notification area icon will open a modal dialog with progress.
+
+Once decryption is complete, the drive updates its status in the control panel and becomes available for encryption.
+
+---