deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-07-01 10:13:39 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update bitlocker-countermeasures.md

Browse Source
This commit is contained in:
Denise Vangel-MSFT
2021-03-26 14:52:59 -07:00
parent d653db4b04
commit 29e077fcf6
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
View File

@ -72,7 +72,7 @@ The next sections cover pre-boot authentication and DMA policies that can provid
### Pre-boot authentication ### Pre-boot authentication
Pre-boot authentication with BitLocker is a policy setting that requires the use of either user input, such as a PIN, a startup key, or both to authenticate prior to making the contents of the system drive accessible. Pre-boot authentication with BitLocker is a policy setting that requires the use of either user input, such as a PIN, a startup key, or both to authenticate prior to making the contents of the system drive accessible.
The Group Policy setting is [Require additional authentication at startup](./bitlocker-group-policy-settings.md#a-href-idbkmk-unlockpol1arequire-additional-authentication-at-startup) and the corresponding setting in the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) is SystemDrivesRequireStartupAuthentication. The Group Policy setting is [Require additional authentication at startup](./bitlocker-group-policy-settings.md) and the corresponding setting in the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) is SystemDrivesRequireStartupAuthentication.
BitLocker accesses and stores the encryption keys in memory only after pre-boot authentication is completed. BitLocker accesses and stores the encryption keys in memory only after pre-boot authentication is completed.
If Windows cant access the encryption keys, the device cant read or edit the files on the system drive. The only option for bypassing pre-boot authentication is entering the recovery key. If Windows cant access the encryption keys, the device cant read or edit the files on the system drive. The only option for bypassing pre-boot authentication is entering the recovery key.