diff --git a/windows/device-security/bitlocker/bitlocker-group-policy-settings.md b/windows/device-security/bitlocker/bitlocker-group-policy-settings.md index fd3c05a29a..5853b5df22 100644 --- a/windows/device-security/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/device-security/bitlocker/bitlocker-group-policy-settings.md @@ -237,7 +237,7 @@ On a computer with a compatible TPM, four types of authentication methods can be - only the TPM for authentication - insertion of a USB flash drive containing the startup key -- the entry of a 4-digit to 20-digit personal identification number (PIN) +- the entry of a 6-digit to 20-digit personal identification number (PIN) - a combination of the PIN and the USB flash drive There are four options for TPM-enabled computers or devices: @@ -347,14 +347,14 @@ This policy setting is used to set a minimum PIN length when you use an unlock m

When disabled or not configured

-

Users can configure a startup PIN of any length between 4 and 20 digits.

+

Users can configure a startup PIN of any length between 6 and 20 digits.

  **Reference** -This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits. +This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits. ### Disable new DMA devices when this computer is locked @@ -527,7 +527,7 @@ This policy setting is used to control what unlock options are available for com   **Reference** -On a computer with a compatible TPM, two authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can require users to insert a USB drive that contains a startup key. It can also require users to enter a 4-digit to 20-digit startup PIN. +On a computer with a compatible TPM, two authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can require users to insert a USB drive that contains a startup key. It can also require users to enter a 6-digit to 20-digit startup PIN. A USB drive that contains a startup key is needed on computers without a compatible TPM. Without a TPM, BitLocker-encrypted data is protected solely by the key material that is on this USB drive. diff --git a/windows/device-security/change-history-for-device-security.md b/windows/device-security/change-history-for-device-security.md index 850d3d83c0..20d4edb47f 100644 --- a/windows/device-security/change-history-for-device-security.md +++ b/windows/device-security/change-history-for-device-security.md @@ -11,7 +11,12 @@ author: brianlic-msft # Change history for device security This topic lists new and updated topics in the [Device security](index.md) documentation. +## May 2017 +|New or changed topic |Description | +|---------------------|------------| +| [BitLocker Group Policy settings](bitlocker/bitlocker-group-policy-settings.md) | Changed startup PIN minimun length from 4 to 6. | + ## March 2017 |New or changed topic |Description | |---------------------|------------| -|[Requirements and deployment planning guidelines for Device Guard](device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.| \ No newline at end of file +|[Requirements and deployment planning guidelines for Device Guard](device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md) | Updated to include additional security qualifications starting with Windows 10, version 1703.| \ No newline at end of file