deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-17 19:33:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Paolo Matarazzo
2023-07-25 11:42:32 +02:00
parent d91898f8fe
commit 52ccb87cc1
2 changed files with 37 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-comparison.md
View File

@ -11,39 +11,39 @@ This article depicts the BitLocker deployment comparison chart.
## BitLocker deployment comparison chart
| Requirements |Microsoft Intune |Microsoft Configuration Manager |Microsoft BitLocker Administration and Monitoring (MBAM) |
|---------|---------|---------|---------|
|*Minimum client operating system version* |Windows 11 and Windows 10 | Windows 11, Windows 10, and Windows 8.1 | Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 10 IoT, and Windows 11 |
|*Supported Windows SKUs* | Enterprise, Pro, Education | Enterprise, Pro, Education | Enterprise |
|*Minimum Windows version* |1909 | None | None |
|*Supported domain-joined status* | Microsoft Azure Active Directory (Azure AD) joined, hybrid Azure AD joined | Active Directory-joined, hybrid Azure AD joined | Active Directory-joined |
|*Permissions required to manage policies* | Endpoint security manager or custom | Full administrator or custom | Domain Admin or Delegated GPO access |
|*Cloud or on premises* | Cloud | On premises | On premises |
|Server components required? | | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Additional agent required?* | No (device enrollment only) | Configuration Manager client | MBAM client |
|*Administrative plane* | Microsoft Intune admin center | Configuration Manager console | Group Policy Management Console and MBAM sites |
|*Administrative portal installation required* | | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Compliance reporting capabilities* | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Force encryption* | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Encryption for storage cards (mobile)* | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | |
|*Allow recovery password* | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Manage startup authentication* | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Select cipher strength and algorithms for fixed drives* | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Select cipher strength and algorithms for removable drives* | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Select cipher strength and algorithms for operating environment drives* | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Standard recovery password storage location* | Azure AD or Active Directory | Configuration Manager site database | MBAM database |
|*Store recovery password for operating system and fixed drives to Azure AD or Active Directory* | Yes (Active Directory and Azure AD) | Yes (Active Directory only) | Yes (Active Directory only) |
|*Customize preboot message and recovery link* | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Allow/deny key file creation* | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Deny Write permission to unprotected drives* | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Can be administered outside company network* | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | |
|*Support for organization unique IDs* | | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Self-service recovery* | Yes (through Azure AD or Company Portal app) | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Recovery password rotation for fixed and operating environment drives* | Yes (Windows 10, version 1909 and later) | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Wait to complete encryption until recovery information is backed up to Azure AD* | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | | |
|*Wait to complete encryption until recovery information is backed up to Active Directory* | | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Allow or deny Data Recovery Agent* | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Unlock a volume using certificate with custom object identifier* | | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Prevent memory overwrite on restart* | | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Configure custom Trusted Platform Module Platform Configuration Register profiles* | | | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|*Manage auto-unlock functionality* | | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
| Requirements | Microsoft Intune | Microsoft Configuration Manager | Microsoft BitLocker Administration and Monitoring (MBAM) |
|--|--|--|--|
| *Minimum client operating system version* | Windows 11 and Windows 10 | Windows 11, Windows 10, and Windows 8.1 | Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 10 IoT, and Windows 11 |
| *Supported Windows SKUs* | Enterprise, Pro, Education | Enterprise, Pro, Education | Enterprise |
| *Minimum Windows version* | 1909 | None | None |
| *Supported domain-joined status* | Microsoft Azure Active Directory (Azure AD) joined, hybrid Azure AD joined | Active Directory-joined, hybrid Azure AD joined | Active Directory-joined |
| *Permissions required to manage policies* | Endpoint security manager or custom | Full administrator or custom | Domain Admin or Delegated GPO access |
| *Cloud or on premises* | Cloud | On premises | On premises |
| Server components required? | | ✅ | ✅ |
| *Additional agent required?* | No (device enrollment only) | Configuration Manager client | MBAM client |
| *Administrative plane* | Microsoft Intune admin center | Configuration Manager console | Group Policy Management Console and MBAM sites |
| *Administrative portal installation required* | | ✅ | ✅ |
| *Compliance reporting capabilities* | ✅ | ✅ | ✅ |
| *Force encryption* | ✅ | ✅ | ✅ |
| *Encryption for storage cards (mobile)* | ✅ | ✅ | |
| *Allow recovery password* | ✅ | ✅ | ✅ |
| *Manage startup authentication* | ✅ | ✅ | ✅ |
| *Select cipher strength and algorithms for fixed drives* | ✅ | ✅ | ✅ |
| *Select cipher strength and algorithms for removable drives* | ✅ | ✅ | ✅ |
| *Select cipher strength and algorithms for operating environment drives* | ✅ | ✅ | ✅ |
| *Standard recovery password storage location* | Azure AD or Active Directory | Configuration Manager site database | MBAM database |
| *Store recovery password for operating system and fixed drives to Azure AD or Active Directory* | Yes (Active Directory and Azure AD) | Yes (Active Directory only) | Yes (Active Directory only) |
| *Customize preboot message and recovery link* | ✅ | ✅ | ✅ |
| *Allow/deny key file creation* | ✅ | ✅ | ✅ |
| *Deny Write permission to unprotected drives* | ✅ | ✅ | ✅ |
| *Can be administered outside company network* | ✅ | ✅ | |
| *Support for organization unique IDs* | | ✅ | ✅ |
| *Self-service recovery* | Yes (through Azure AD or Company Portal app) | ✅ | ✅ |
| *Recovery password rotation for fixed and operating environment drives* | Yes (Windows 10, version 1909 and later) | ✅ | ✅ |
| *Wait to complete encryption until recovery information is backed up to Azure AD* | ✅ | | |
| *Wait to complete encryption until recovery information is backed up to Active Directory* | | ✅ | ✅ |
| *Allow or deny Data Recovery Agent* | ✅ | ✅ | ✅ |
| *Unlock a volume using certificate with custom object identifier* | | ✅ | ✅ |
| *Prevent memory overwrite on restart* | | ✅ | ✅ |
| *Configure custom Trusted Platform Module Platform Configuration Register profiles* | | | ✅ |
| *Manage auto-unlock functionality* | | ✅ | ✅ |

19
windows/security/operating-system-security/data-protection/bitlocker/index.md
View File

@ -64,22 +64,5 @@ A partition subject to encryption can't be marked as an active partition. This r
When installing the BitLocker optional component on a server, the Enhanced Storage feature also needs to be installed. The Enhanced Storage feature is used to support hardware encrypted drives.
## In this section
## Next steps
| Article | Description |
| - | - |
| [Overview of BitLocker Device Encryption in Windows 10](bitlocker-device-encryption-overview-windows-10.md) | This article provides an overview of the ways in which BitLocker Device Encryption can help protect data on devices running Windows 10. |
| [BitLocker frequently asked questions (FAQ)](faq.yml) | This article answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.|
| [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)| This article explains the procedure you can use to plan your BitLocker deployment. |
| [BitLocker basic deployment](bitlocker-basic-deployment.md) | This article explains how BitLocker features can be used to protect your data through drive encryption. |
| [BitLocker: How to deploy on Windows Server](bitlocker-how-to-deploy-on-windows-server.md)| This article explains how to deploy BitLocker on Windows Server.|
| [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) | This article describes how BitLocker Network Unlock works and how to configure it. |
| [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md)| This article describes how to use tools to manage BitLocker.|
| [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md) | This article describes how to use the BitLocker Recovery Password Viewer. |
| [BitLocker Group Policy settings](bitlocker-group-policy-settings.md) | This article describes the function, location, and effect of each group policy setting that is used to manage BitLocker. |
| [BCD settings and BitLocker](bcd-settings-and-bitlocker.md) | This article describes the BCD settings that are used by BitLocker.|
| [BitLocker Recovery Guide](bitlocker-recovery-guide-plan.md)| This article describes how to recover BitLocker keys from AD DS. |
| [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md)| This detailed guide helps you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device's configuration. |
| [Troubleshoot BitLocker](/troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting) | This guide describes the resources that can help you troubleshoot BitLocker issues, and provides solutions for several common BitLocker issues. |
| [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This article describes how to protect CSVs and SANs with BitLocker.|
| [Enabling Secure Boot and BitLocker Device Encryption on Windows IoT Core](/windows/iot-core/secure-your-device/SecureBootAndBitLocker) | This article describes how to use BitLocker with Windows IoT Core |