deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into vs-emie-portal

Browse Source
This commit is contained in:
LizRoss 2017-05-17 13:50:21 -07:00
commit 54ebad3751
2 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
windows/device-security/bitlocker/bitlocker-group-policy-settings.md
View File

@ -237,7 +237,7 @@ On a computer with a compatible TPM, four types of authentication methods can be
- only the TPM for authentication
- insertion of a USB flash drive containing the startup key
- the entry of a 4-digit to 20-digit personal identification number (PIN)
- the entry of a 6-digit to 20-digit personal identification number (PIN)
- a combination of the PIN and the USB flash drive
There are four options for TPM-enabled computers or devices:
@ -347,14 +347,14 @@ This policy setting is used to set a minimum PIN length when you use an unlock m
</tr>
<tr class="odd">
<td align="left"><p><strong>When disabled or not configured</strong></p></td>
<td align="left"><p>Users can configure a startup PIN of any length between 4 and 20 digits.</p></td>
<td align="left"><p>Users can configure a startup PIN of any length between 6 and 20 digits.</p></td>
</tr>
</tbody>
</table>
 
**Reference**
This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.
This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.
### Disable new DMA devices when this computer is locked
@ -527,7 +527,7 @@ This policy setting is used to control what unlock options are available for com
 
**Reference**
On a computer with a compatible TPM, two authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can require users to insert a USB drive that contains a startup key. It can also require users to enter a 4-digit to 20-digit startup PIN.
On a computer with a compatible TPM, two authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can require users to insert a USB drive that contains a startup key. It can also require users to enter a 6-digit to 20-digit startup PIN.
A USB drive that contains a startup key is needed on computers without a compatible TPM. Without a TPM, BitLocker-encrypted data is protected solely by the key material that is on this USB drive.

7
windows/device-security/change-history-for-device-security.md
View File

@ -11,7 +11,12 @@ author: brianlic-msft
# Change history for device security
This topic lists new and updated topics in the [Device security](index.md) documentation.
## May 2017
|New or changed topic |Description |
|---------------------|------------|
| [BitLocker Group Policy settings](bitlocker/bitlocker-group-policy-settings.md) | Changed startup PIN minimun length from 4 to 6. |
## March 2017
|New or changed topic |Description |
|---------------------|------------|
|[Requirements and deployment planning guidelines for Device Guard](device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.|
|[Requirements and deployment planning guidelines for Device Guard](device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md) | Updated to include additional security qualifications starting with Windows 10, version 1703.|