deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Changes to device encryption

Browse Source
This commit is contained in:
Paolo Matarazzo 2024-06-25 12:57:56 -04:00
parent f28eeac168
commit 38810544d0
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
windows/security/operating-system-security/data-protection/bitlocker/index.md
View File

@ -85,10 +85,11 @@ BitLocker has the following requirements:
## Device encryption
*Device encryption* is a Windows feature that provides a simple way for some devices to enable BitLocker encryption automatically. Device encryption is available on all Windows versions, and it requires a device to meet either [Modern Standby][WIN-3] or HSTI security requirements. Device encryption can't have externally accessible ports that allow DMA access.
*Device encryption* is a Windows feature that provides a simple way for some devices to enable BitLocker encryption automatically. Device encryption is available on all Windows versions, and it requires a device to meet either [Modern Standby][WIN-3] or HSTI security requirements. Device encryption can't have externally accessible ports that allow DMA access. Device encryption encrypts only the OS drive and fixed drives, it doesn't encrypt external/USB drives.
> [!IMPORTANT]
> Device encryption encrypts only the OS drive and fixed drives, it doesn't encrypt external/USB drives.
> Starting in Windows 11, version 24H2, the prerequisites of DMA and HSTI/Modern Standby are removed. As a result, more devices are eligible for device encryption.
> For more information, see [BitLocker drive encryption in Windows 11 for OEMs](/windows-hardware/design/device-experiences/oem-bitlocker).
Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected. When a clean installation of Windows is completed and the out-of-box experience is finished, the device is prepared for first use. As part of this preparation, device encryption is initialized on the OS drive and fixed data drives on the computer with a clear key that is the equivalent of standard BitLocker suspended state. In this state, the drive is shown with a warning icon in Windows Explorer. The yellow warning icon is removed after the TPM protector is created and the recovery key is backed up.

2
windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md
View File

@ -103,7 +103,7 @@ There are rules governing which hint is shown during the recovery (in the order
:::row-end:::
:::row:::
:::column span="2":::
Starting in Windows 11, version 24H2, the BitLocker preboot recovery screen includes the Microsoft account hint if the recovery password is saved to a Microsoft account.
Starting in Windows 11, version 24H2, the BitLocker preboot recovery screen includes the Microsoft account (MSA) hint, if the recovery password is saved to a MSA. This hint helps the user to understand which MSA account was used to store recovery key information.
:::column-end:::
:::column span="2":::
:::image type="content" source="images/bitlocker-recovery-screen-msa-backup-24h2.png" alt-text="Screenshot of the BitLocker recovery screen showing a Microsoft account hint where the BitLocker recovery key was saved." lightbox="images/bitlocker-recovery-screen-msa-backup-24h2.png" border="false":::