mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-07-09 14:13:39 +00:00
Update bitlocker-overview-and-requirements-faq.md
committed by
GitHub
parent
6cc5d49b5b
commit
4d837887e0
@ -27,19 +27,19 @@ ms.custom: bitlocker
|
||||
|
||||
**How does BitLocker work with operating system drives**
|
||||
|
||||
You can use BitLocker to mitigate unauthorized data access on lost or stolen computers by encrypting all user files and system files on the operating system drive, including the swap files and hibernation files, and checking the integrity of early boot components and Boot Configuration Data (BCD).
|
||||
You can use BitLocker to mitigate unauthorized data access on lost or stolen computers by encrypting all user files and system files on the operating system drive, including the swap files and hibernation files, and checking the integrity of early boot components and Boot Configuration Data (BCD). For further information, see [BitLocker overview] (bitlocker-deviceencryption-overview.md#internal-drive-encryption).
|
||||
|
||||
**How does BitLocker work with fixed and removable data drives**
|
||||
|
||||
You can use BitLocker to encrypt the entire content of a data drive. You can use group policy to make it mandatory for BitLocker to be enabled on a drive before the computer can write data to the drive. BitLocker can be configured with a variety of unlock-methods for data drives, and a data drive supports multiple unlock-methods.
|
||||
You can use BitLocker to encrypt the entire content of a data drive. You can use group policy to make it mandatory for BitLocker to be enabled on a drive before the computer can write data to the drive. BitLocker can be configured with a variety of unlock-methods for data drives, and a data drive supports multiple unlock-methods. For more information, see [BitLocker overview](bitlocker-deviceencryption-overview.md).
|
||||
|
||||
## Does BitLocker support multifactor authentication?
|
||||
|
||||
Yes, BitLocker supports multifactor authentication for operating system drives. If you enable BitLocker on a computer that has a TPM version 1.2 or later versions, you can use additional forms of authentication with the TPM protection.
|
||||
Yes, BitLocker supports multifactor authentication for operating system drives. If you enable BitLocker on a computer that has a TPM version 1.2 or later versions, you can use additional forms of authentication with the TPM protection. This includes the use of a password, a PIN, or a removable storage device.
|
||||
|
||||
## What are the BitLocker hardware and software requirements?
|
||||
|
||||
For requirements, see [System requirements](bitlocker-overview.md#system-requirements).
|
||||
For requirements, see [System requirements](bitlocker-deviceencryption-overview.md#system-requirements-BitLocker).
|
||||
|
||||
> [!NOTE]
|
||||
> Dynamic disks are not supported by BitLocker. Dynamic data volumes are not displayed in the Control Panel. Although the operating system volume is always displayed in the Control Panel, regardless of whether it is a dynamic disk, it cannot be protected by BitLocker if it is a dynamic disk.
|
||||
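Review bot: The link added to the operating system drives paragraph will not render, because there is a space between the closing bracket and the opening parenthesis in `[BitLocker overview] (bitlocker-deviceencryption-overview.md#internal-drive-encryption)`. Remove the space so it matches the link form used in the data drives paragraph. In the same hunk, the requirements link now targets `#system-requirements-BitLocker`, a mixed-case fragment, where the line it replaces used the all-lowercase `#system-requirements`. Please confirm that this anchor and `#internal-drive-encryption` both exist in bitlocker-deviceencryption-overview.md. Both new links also keep the text "BitLocker overview" or "System requirements" while pointing at the device encryption overview file rather than bitlocker-overview.md, so the link text should be checked against the target page title.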
@ -63,8 +63,12 @@ Beginning with Windows 10, version 1803, you can check TPM status in **Windows D
|
||||
|
||||
## Can I use BitLocker on an operating system drive that does not have a TPM?
|
||||
|
||||
Yes, you can enable BitLocker on an operating system drive that does not have a TPM version 1.2 or higher, if the BIOS or UEFI firmware has the ability to read from a USB flash drive in the boot environment. This is because BitLocker will not unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or a USB flash drive containing the BitLocker startup key for that computer. However, computers without TPMs will not be able to use the system integrity verification that BitLocker provides.
|
||||
To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements.
|
||||
Yes, you can enable BitLocker on an operating system drive that does not have a TPM version 1.2 or higher, which can be done through the following options:
|
||||
- If the BIOS or UEFI firmware has the ability to read from a USB flash drive in the boot environment, you can use a removable disk. To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements.
|
||||
|
||||
- You can use a password or a PIN to unlock the encrypted disk–This is because BitLocker will not unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or a USB flash drive containing the BitLocker startup key for that computer.
|
||||
|
||||
- In addition to the above two options, the volume master key can be encrypted with a password or a PIN so that it can be displayed in a decrypted version when the user keys in the password.
|
||||
|
||||
## How do I obtain BIOS support for the TPM on my computer?
|
||||
|
||||
|
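Review bot: The second bullet in the new list contradicts its own justification. It offers "a password or a PIN to unlock the encrypted disk", and then the sentence joined to it by the en dash says the volume master key is released only "by either the computer's TPM or a USB flash drive containing the BitLocker startup key". That sentence explained the USB requirement in the original paragraph and belongs with the first bullet or in the introduction, not as the reason for a password or PIN. The third bullet opens with "In addition to the above two options" but describes the same password or PIN option again, and "displayed in a decrypted version" reads as if the key is shown to the user. Suggest merging the second and third bullets into one statement of how a password protects the volume master key on a computer without a TPM. The sentence that computers without TPMs cannot use BitLocker's system integrity verification was dropped in the rewrite and should be restored, since it is the main security caveat of this answer. The opening "which can be done through the following options" would read more cleanly as a separate sentence.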