diff --git a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md index 13b98196a7..4d67798da7 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md @@ -450,6 +450,54 @@ From the **BitLocker Drive Encryption** Control Panel applet, expand the drive w > [!NOTE] > You must have at least one unlock method for any BitLocker-encrypted drives. +## Suspend and resume + +Some configuration changes may require to suspend BitLocker and then resume it after the change is applied. + +Follow the instructions below to suspend and resume BitLocker, selecting the option that best suits your needs. + +#### Suspend BitLocker + +#### [:::image type="icon" source="images/powershell.svg"::: **PowerShell**](#tab/powershell) + +```powershell +Suspend-BitLocker -MountPoint D +``` + +#### [:::image type="icon" source="images/cmd.svg"::: **Command Prompt**](#tab/cmd) + +```cmd +manage-bde.exe -protectors -disable d: +``` + +#### [:::image type="icon" source="images/controlpanel.svg"::: **Control Panel**](#tab/controlpanel) + +You can only suspend BitLocker protection for the OS drive when using the Control Panel. + +From the **BitLocker Drive Encryption** Control Panel applet, select the OS drive and select the option **Suspend protection**. + +--- + +#### Resume BitLocker + +#### [:::image type="icon" source="images/powershell.svg"::: **PowerShell**](#tab/powershell) + +```powershell +Resume-BitLocker -MountPoint D +``` + +#### [:::image type="icon" source="images/cmd.svg"::: **Command Prompt**](#tab/cmd) + +```cmd +manage-bde.exe -protectors -enable d: +``` + +#### [:::image type="icon" source="images/controlpanel.svg"::: **Control Panel**](#tab/controlpanel) + +From the **BitLocker Drive Encryption** Control Panel applet, select the OS drive and select the option **Resume protection**. + +--- + ## Disable BitLocker Disabling BitLocker decrypts and removes any associated protectors from the volumes. Decryption should occur when protection is no longer required, and not as a troubleshooting step. @@ -469,7 +517,7 @@ Disable-BitLocker To avoid specifying each mount point individually, use the `-MountPoint` parameter in an array to sequence the same command into one line, without requiring additional user input. Example: ```powershell -Disable-BitLocker -MountPoint E:,F:,G: +Disable-BitLocker -MountPoint C,D ``` #### [:::image type="icon" source="images/cmd.svg"::: **Command Prompt**](#tab/cmd) @@ -486,8 +534,6 @@ This command disables protectors while it decrypts the volume and removes all pr BitLocker decryption using the Control Panel is done using a wizard. After opening the BitLocker Control Panel applet, select the **Turn off BitLocker** option to begin the process. To proceed, select the confirmation dialog. With **Turn off BitLocker** confirmed, the drive decryption process begins. -The Control Panel doesn't report decryption progress, but displays it in the notification area of the task bar. Selecting the notification area icon will open a modal dialog with progress. - Once decryption is complete, the drive updates its status in the Control Panel and becomes available for encryption. --- diff --git a/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md b/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md index 5f38b9bde1..6c0a67a7af 100644 --- a/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md +++ b/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md @@ -73,8 +73,8 @@ Configuration of encrypted hard drives as startup drives is done using the same There are three related policy settings that help you manage how BitLocker uses hardware-based encryption and which encryption algorithms to use. If these settings aren't configured or disabled on systems that are equipped with encrypted drives, BitLocker uses software-based encryption: - [Configure use of hardware-based encryption for fixed data drives](bitlocker/configure.md#configure-use-of-hardware-based-encryption-for-fixed-data-drives) -- [Configure use of hardware-based encryption for removable data drives](bitlocker/policy-settings.md#configure-use-of-hardware-based-encryption-for-removable-data-drives) -- [Configure use of hardware-based encryption for operating system drives](bitlocker/policy-settings.md#configure-use-of-hardware-based-encryption-for-operating-system-drives) +- [Configure use of hardware-based encryption for removable data drives](bitlocker/configure.md#configure-use-of-hardware-based-encryption-for-removable-data-drives) +- [Configure use of hardware-based encryption for operating system drives](bitlocker/configure.md#configure-use-of-hardware-based-encryption-for-operating-system-drives) ## Encrypted hard drive architecture