diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json
index 49bb203d1e..2490ae95e9 100644
--- a/.openpublishing.redirection.windows-security.json
+++ b/.openpublishing.redirection.windows-security.json
@@ -7449,6 +7449,16 @@
"source_path": "windows/security/operating-system-security/data-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md",
"redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/plan",
"redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/manage",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/csv-san",
+ "redirect_document_id": false
}
]
}
\ No newline at end of file
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md
index 001a92385f..3e06fa9225 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md
@@ -34,9 +34,9 @@ For hardware that is compliant with Modern Standby and HSTI, when using either o
For Windows PCs and Windows Phones that are enrolled using **Connect to work or school account**, BitLocker Device Encryption is managed over MDM, the same as devices joined to Azure AD.
-## Managing servers
+## Manage servers
-Servers are often installed, configured, and deployed using PowerShell; therefore, the recommendation is to also use [PowerShell to enable BitLocker on a server](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md#bitlocker-cmdlets-for-windows-powershell), ideally as part of the initial setup. BitLocker is an Optional Component (OC) in Windows Server; therefore, follow the directions in [BitLocker: How to deploy on Windows Server 2012 and later](bitlocker-how-to-deploy-on-windows-server.md) to add the BitLocker OC.
+Servers are often installed, configured, and deployed using PowerShell; therefore, the recommendation is to also use [PowerShell to enable BitLocker on a server](manage.md#bitlocker-cmdlets-for-windows-powershell), ideally as part of the initial setup. BitLocker is an Optional Component (OC) in Windows Server; therefore, follow the directions in [BitLocker: How to deploy on Windows Server 2012 and later](bitlocker-how-to-deploy-on-windows-server.md) to add the BitLocker OC.
The Minimal Server Interface is a prerequisite for some of the BitLocker administration tools. On a [Server Core](/windows-server/get-started/getting-started-with-server-core/) installation, the necessary GUI components must be added first. The steps to add shell components to Server Core are described in [Using Features on Demand with Updated Systems and Patched Images](/archive/blogs/server_core/using-features-on-demand-with-updated-systems-and-patched-images) and [How to update local source media to add roles and features](/archive/blogs/joscon/how-to-update-local-source-media-to-add-roles-and-features).
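Review bot: the retargeted link on the `+` line, `manage.md#bitlocker-cmdlets-for-windows-powershell`, points at an anchor this same patch removes. In manage.md the heading `## BitLocker cmdlets for Windows PowerShell` is renamed to `## BitLocker PowerShell module`, so the generated anchor becomes `#bitlocker-powershell-module`. Suggest `[PowerShell to enable BitLocker on a server](manage.md#bitlocker-powershell-module)`.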
@@ -45,69 +45,4 @@ If a server is being installed manually, such as a stand-alone server, then choo
Additionally, lights-out data centers can take advantage of the enhanced security of a second factor while avoiding the need for user intervention during reboots by optionally using a combination of BitLocker (TPM+PIN) and BitLocker Network Unlock. BitLocker Network Unlock brings together the best of hardware protection, location dependence, and automatic unlock, while in the trusted location. For the configuration steps, see [BitLocker: How to enable Network Unlock](network-unlock.md).
For more information, see the BitLocker FAQs article and other useful links in [Related Articles](#related-articles).
-## PowerShell examples
-For Azure AD-joined computers, including virtual machines, the recovery password should be stored in Azure AD.
-
-**Example**: *Use PowerShell to add a recovery password and back it up to Azure AD before enabling BitLocker*
-
-```powershell
-Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
-
-$BLV = Get-BitLockerVolume -MountPoint "C:"
-
-BackupToAAD-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId
-```
-
-For domain-joined computers, including servers, the recovery password should be stored in Active Directory Domain Services (AD DS).
-
-**Example**: *Use PowerShell to add a recovery password and back it up to AD DS before enabling BitLocker*
-
-```powershell
-Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
-
-$BLV = Get-BitLockerVolume -MountPoint "C:"
-
-Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId
-```
-
-PowerShell can then be used to enable BitLocker:
-
-**Example**: *Use PowerShell to enable BitLocker with a TPM protector*
-
-```powershell
-Enable-BitLocker -MountPoint "D:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -TpmProtector
-```
-
-**Example**: *Use PowerShell to enable BitLocker with a TPM+PIN protector, in this case with a PIN set to 123456*
-
-```powershell
-$SecureString = ConvertTo-SecureString "123456" -AsPlainText -Force
-
-Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -Pin $SecureString -TPMandPinProtector
-```
-
-## Related Articles
-
-- [BitLocker: FAQs](faq.yml)
-- [Microsoft BitLocker Administration and Management (MBAM)](/microsoft-desktop-optimization-pack/mbam-v25/)
-- [Overview of BitLocker Device Encryption](bitlocker-device-encryption.md)
-- [BitLocker policy settings](policy-settings.md)
-- [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune/)
-*(Overview)*
-- [Configuration Settings Providers](/windows/client-management/mdm/policy-configuration-service-provider)
-*(Policy CSP: See [Security-RequireDeviceEncryption](/windows/client-management/mdm/policy-csp-security#security-policies))*
-- [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp/)
-
-### Windows Server setup tools
-
-- [Windows Server Installation Options](/windows-server/get-started-19/install-upgrade-migrate-19/)
-- [How to update local source media to add roles and features](/archive/blogs/joscon/how-to-update-local-source-media-to-add-roles-and-features)
-- [How to add or remove optional components on Server Core](/archive/blogs/server_core/using-features-on-demand-with-updated-systems-and-patched-images) *(Features on Demand)*
-- [How to deploy BitLocker on Windows Server](bitlocker-how-to-deploy-on-windows-server.md)
-- [How to enable Network Unlock](network-unlock.md)
-- [Shielded VMs and Guarded Fabric](https://blogs.technet.microsoft.com/windowsserver/2016/05/10/a-closer-look-at-shielded-vms-in-windows-server-2016/)
-
-### PowerShell
-
-- [BitLocker cmdlets for Windows PowerShell](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md#bitlocker-cmdlets-for-windows-powershell)
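Review bot: the unchanged context line `For more information, see the BitLocker FAQs article and other useful links in [Related Articles](#related-articles).` now links to a heading this hunk deletes (`## Related Articles`), leaving a dangling in-page anchor. Either drop that sentence in the same change or point it at the FAQ directly, e.g. `For more information, see [BitLocker FAQ](faq.yml).`. The `## PowerShell examples` block removed here is re-added verbatim in configure.md later in this patch; a short pointer from the `Manage servers` section to that location would keep the `Backup-BitLockerKeyProtector` example discoverable for server administrators, who are the audience of this file.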
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/configure.md b/windows/security/operating-system-security/data-protection/bitlocker/configure.md
index cd33ef59b4..36223aee22 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/configure.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/configure.md
@@ -157,19 +157,6 @@ Users can verify whether the recovery key was saved properly by checking OneDriv
Windows Explorer allows users to launch the **BitLocker Drive Encryption Wizard** by right-clicking a volume and selecting **Turn On BitLocker**. This option is available on client computers by default. On servers, the BitLocker feature and the Desktop-Experience feature must first be installed for this option to be available. After selecting **Turn on BitLocker**, the wizard works exactly as it does when launched using the BitLocker control panel.
-## Down-level compatibility
-
-The following table shows the compatibility matrix for systems that have been BitLocker enabled and then presented to a different version of Windows.
-
-Table 1: Cross compatibility for Windows 11, Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes
-
-|Encryption Type|Windows 11, Windows 10, and Windows 8.1|Windows 8|Windows 7|
-|---|---|---|---|
-|Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted|
-|Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted|
-|Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A|
-|Partially encrypted volume from Windows 7|Windows 11, Windows 10, and Windows 8.1 will complete encryption regardless of policy|Windows 8 will complete encryption regardless of policy|N/A|
-
## Encrypting volumes using the `manage-bde.exe` command-line interface
`Manage-bde.exe` is a command-line utility that can be used for scripting BitLocker operations. `Manage-bde.exe` offers additional options not displayed in the BitLocker control panel. For a complete list of the options, see [Manage-bde](/windows-server/administration/windows-commands/manage-bde).
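Review bot: the `## Down-level compatibility` table is deleted outright with no replacement elsewhere in this patch and no redirect entry for it. If the Windows 7/8 compatibility matrix is being retired intentionally, the commit message should say so; otherwise it belongs in the planning article that the redirection hunk already targets (`/windows/security/operating-system-security/data-protection/bitlocker/plan`) rather than being dropped.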
@@ -246,112 +233,7 @@ manage-bde.exe -on C:
## Encrypting volumes using the BitLocker Windows PowerShell cmdlets
-Windows PowerShell cmdlets provide an alternative way to work with BitLocker. Using Windows PowerShell's scripting capabilities, administrators can integrate BitLocker options into existing scripts with ease. The list below displays the available BitLocker cmdlets.
-|Name|Parameters|
-|--- |--- |
-|**Add-BitLockerKeyProtector**|
ADAccountOrGroupADAccountOrGroupProtectorConfirmMountPointPasswordPasswordProtectorPinRecoveryKeyPathRecoveryKeyProtectorRecoveryPasswordRecoveryPasswordProtectorServiceStartupKeyPathStartupKeyProtectorTpmAndPinAndStartupKeyProtectorTpmAndPinProtectorTpmAndStartupKeyProtectorTpmProtectorWhatIf|
-|**Backup-BitLockerKeyProtector**|ConfirmKeyProtectorIdMountPointWhatIf|
-|**Disable-BitLocker**|ConfirmMountPointWhatIf|
-|**Disable-BitLockerAutoUnlock**|ConfirmMountPointWhatIf|
-|**Enable-BitLocker**|AdAccountOrGroupAdAccountOrGroupProtectorConfirmEncryptionMethodHardwareEncryptionPasswordPasswordProtectorPinRecoveryKeyPathRecoveryKeyProtectorRecoveryPasswordRecoveryPasswordProtectorServiceSkipHardwareTestStartupKeyPathStartupKeyProtectorTpmAndPinAndStartupKeyProtectorTpmAndPinProtectorTpmAndStartupKeyProtectorTpmProtectorUsedSpaceOnlyWhatIf|
-|**Enable-BitLockerAutoUnlock**|ConfirmMountPointWhatIf|
-|**Get-BitLockerVolume**|MountPoint|
-|**Lock-BitLocker**|ConfirmForceDismountMountPointWhatIf|
-|**Remove-BitLockerKeyProtector**|ConfirmKeyProtectorIdMountPointWhatIf|
-|**Resume-BitLocker**|ConfirmMountPointWhatIf|
-|**Suspend-BitLocker**|ConfirmMountPointRebootCountWhatIf|
-|**Unlock-BitLocker**|AdAccountOrGroupConfirmMountPointPasswordRecoveryKeyPathRecoveryPasswordRecoveryPasswordWhatIf|
-
-Similar to `manage-bde.exe`, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with `manage-bde.exe`, users need to consider the specific needs of the volume they're encrypting prior to running Windows PowerShell cmdlets.
-
-A good initial step is to determine the current state of the volume(s) on the computer. You can do this using the `Get-BitLocker` volume PowerShell cmdlet. The output from this cmdlet displays information on the volume type, protectors, protection status, and other useful information.
-
-Occasionally, all protectors may not be shown when using **Get-BitLockerVolume** due to lack of space in the output display. If all of the protectors for a volume aren't seen, the Windows PowerShell pipe command (`|`) can be used to format a listing of the protectors.
-
-> [!NOTE]
-> In the event that there are more than four protectors for a volume, the pipe command may run out of display space. For volumes with more than four protectors, use the method described in the section below to generate a listing of all protectors with protector ID.
-
-```powershell
-Get-BitLockerVolume C: | fl
-```
-
-If the existing protectors need to be removed prior to provisioning BitLocker on the volume, the `Remove-BitLockerKeyProtector` cmdlet can be used. Accomplishing this action requires the GUID associated with the protector to be removed.
-A simple script can pipe out the values of each **Get-BitLockerVolume** return to another variable as seen below:
-
-```powershell
-$vol = Get-BitLockerVolume
-$keyprotectors = $vol.KeyProtector
-```
-
-Using this script, the information in the **$keyprotectors** variable can be displayed to determine the GUID for each protector. This information can then be used to remove the key protector for a specific volume using the command:
-
-```powershell
-Remove-BitLockerKeyProtector : -KeyProtectorID "{GUID}"
-```
-
-> [!NOTE]
-> The BitLocker cmdlet requires the key protector GUID (enclosed in quotation marks) to execute. Ensure the entire GUID, with braces, is included in the command.
-
-### Operating system volume PowerShell cmdlets
-
-Using the BitLocker Windows PowerShell cmdlets is similar to working with the `manage-bde.exe` tool for encrypting operating system volumes. Windows PowerShell offers users flexibility. For example, users can add the desired protector as part command for encrypting the volume. Below are examples of common user scenarios and steps to accomplish them using the BitLocker cmdlets for Windows PowerShell.
-
-To enable BitLocker with just the TPM protector, use this command:
-
-```powershell
-Enable-BitLocker C:
-```
-
-The example below adds one additional protector, the StartupKey protectors, and chooses to skip the BitLocker hardware test. In this example, encryption starts immediately without the need for a reboot.
-
-```powershell
-Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath -SkipHardwareTest
-```
-
-### Data volume PowerShell cmdlets
-
-Data volume encryption using Windows PowerShell is the same as for operating system volumes. You should add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a SecureString value to store the user-defined password. Last, encryption begins.
-
-```powershell
-$pw = Read-Host -AsSecureString
-
-Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw
-```
-
-### Using an SID-based protector in Windows PowerShell
-
-The **ADAccountOrGroup** protector is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it doesn't unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding an SID-based protector for the Cluster Name Object (CNO) that lets the disk properly failover and unlock to any member computer of the cluster.
-
-> [!WARNING]
-> The SID-based protector requires the use of an additional protector such as TPM, PIN, recovery key, etc. when used on operating system volumes.
-
-To add an **ADAccountOrGroup** protector to a volume, either the domain SID is needed or the group name preceded by the domain and a backslash. In the example below, the **CONTOSO\\Administrator** account is added as a protector to the data volume G.
-
-```powershell
-Enable-BitLocker G: -AdAccountOrGroupProtector -AdAccountOrGroup CONTOSO\Administrator
-```
-
-For users who wish to use the SID for the account or group, the first step is to determine the SID associated with the account. To get the specific SID for a user account in Windows PowerShell, use the following command:
-
-```powershell
-Get-ADUser -filter {samaccountname -eq "administrator"}
-```
-
-> [!NOTE]
-> Use of this command requires the RSAT-AD-PowerShell feature.
-
-> [!TIP]
-> In addition to the Windows PowerShell command above, information about the locally logged on user and group membership can be found using: `WHOAMI /ALL`. This doesn't require the use of additional features.
-
-In the example below, the user wishes to add a domain SID-based protector to the previously encrypted operating system volume. The user knows the SID for the user account or group they wish to add and uses the following command:
-
-```powershell
-Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup ""
-```
-
-> [!NOTE]
-> Active Directory-based protectors are normally used to unlock Failover Cluster-enabled volumes.
## Checking BitLocker status
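Review bot: after this removal the context heading `## Encrypting volumes using the BitLocker Windows PowerShell cmdlets` has no body before `## Checking BitLocker status`. Either add a one-line pointer, e.g. `For the cmdlet reference and examples, see [BitLocker PowerShell module](manage.md#bitlocker-powershell-module).`, or remove the heading as well. Removing the block is otherwise the right direction, since the `Using an SID-based protector` text and the `Get-BitLockerVolume`/`Remove-BitLockerKeyProtector` walkthrough are carried in manage.md by this same patch. Two defects in the deleted lines should not be carried over there: `Remove-BitLockerKeyProtector : -KeyProtectorID "{GUID}"` has a stray `:` where the mount point belongs, and `Enable-BitLockerKeyProtector` is not a cmdlet in the module list this patch adds to manage.md.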
@@ -447,9 +329,44 @@ If a user didn't want to input each mount point individually, using the `-MountP
Disable-BitLocker -MountPoint E:,F:,G:
```
-## Related articles
+## PowerShell examples
-- [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
-- [BitLocker recovery guide](bitlocker-recovery-guide-plan.md)
-- [BitLocker: How to enable Network Unlock](network-unlock.md)
-- [BitLocker overview](index.md)
+For Azure AD-joined computers, including virtual machines, the recovery password should be stored in Azure AD.
+
+**Example**: *Use PowerShell to add a recovery password and back it up to Azure AD before enabling BitLocker*
+
+```powershell
+Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
+
+$BLV = Get-BitLockerVolume -MountPoint "C:"
+
+BackupToAAD-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId
+```
+
+For domain-joined computers, including servers, the recovery password should be stored in Active Directory Domain Services (AD DS).
+
+**Example**: *Use PowerShell to add a recovery password and back it up to AD DS before enabling BitLocker*
+
+```powershell
+Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
+
+$BLV = Get-BitLockerVolume -MountPoint "C:"
+
+Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId
+```
+
+PowerShell can then be used to enable BitLocker:
+
+**Example**: *Use PowerShell to enable BitLocker with a TPM protector*
+
+```powershell
+Enable-BitLocker -MountPoint "D:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -TpmProtector
+```
+
+**Example**: *Use PowerShell to enable BitLocker with a TPM+PIN protector, in this case with a PIN set to 123456*
+
+```powershell
+$SecureString = ConvertTo-SecureString "123456" -AsPlainText -Force
+
+Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -Pin $SecureString -TPMandPinProtector
+```
\ No newline at end of file
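Review bot: `$BLV.KeyProtector[0].KeyProtectorId` in both backup examples assumes the recovery-password protector is the first entry, which only holds on a volume that had no protectors before `Add-BitLockerKeyProtector` ran; on a volume that already has a TPM protector, index 0 is the TPM protector, which is not a recovery password and cannot be backed up this way. Suggest selecting by type: `$RP = ($BLV.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')[0]` and passing `-KeyProtectorId $RP.KeyProtectorId`. The TPM+PIN example embeds the PIN `123456` through `ConvertTo-SecureString "123456" -AsPlainText -Force`; the pattern manage.md uses for the data-volume password, `$pw = Read-Host -AsSecureString`, keeps the literal PIN out of the script and reads better in a management guide. The removed `## Related articles` list is not re-added elsewhere in this patch; confirm that is intended.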
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/operating-system-security/data-protection/bitlocker/csv-san.md
similarity index 100%
rename from windows/security/operating-system-security/data-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
rename to windows/security/operating-system-security/data-protection/bitlocker/csv-san.md
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/operating-system-security/data-protection/bitlocker/manage.md
similarity index 65%
rename from windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
rename to windows/security/operating-system-security/data-protection/bitlocker/manage.md
index 8073f52262..6f865c35b9 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/manage.md
@@ -9,7 +9,7 @@ ms.date: 07/25/2023
# How to use the BitLocker drive encryption tools to manage BitLocker
-BitLocker drive encryption tools include the command-line tools *manage-bde.exe*, *repair-bde.exe*, and the cmdlets for Windows PowerShell.
+BitLocker drive encryption tools include the two command-line tools *manage-bde.exe* and *repair-bde.exe*, and the BitLocker PowerShell module.
The tools can be used to perform any tasks that can be accomplished through the BitLocker control panel and are appropriate to use for automated deployments and other scripting scenarios.
@@ -108,47 +108,56 @@ The following limitations exist for Repair-bde:
For more information about using repair-bde, see [Repair-bde](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ff829851(v=ws.11)).
-## BitLocker cmdlets for Windows PowerShell
+## BitLocker PowerShell module
-Windows PowerShell cmdlets provide a new way for administrators to use when working with BitLocker. Using Windows PowerShell's scripting capabilities, administrators can integrate BitLocker options into existing scripts with ease. The list below displays the available BitLocker cmdlets.
+The BitLocker PowerShell module enables administrators to integrate BitLocker options into existing scripts with ease. Here's a lists of the cmdlets included in the BitLocker PowerShell module:
-|Name|Parameters|
-|--- |--- |
-|**Add-BitLockerKeyProtector**|ADAccountOrGroupADAccountOrGroupProtectorConfirmMountPointPasswordPasswordProtectorPinRecoveryKeyPathRecoveryKeyProtectorRecoveryPasswordRecoveryPasswordProtectorServiceStartupKeyPathStartupKeyProtectorTpmAndPinAndStartupKeyProtectorTpmAndPinProtectorTpmAndStartupKeyProtectorTpmProtectorWhatIf|
-|**Backup-BitLockerKeyProtector**|ConfirmKeyProtectorIdMountPointWhatIf|
-|**Disable-BitLocker**|ConfirmMountPointWhatIf|
-|**Disable-BitLockerAutoUnlock**|ConfirmMountPointWhatIf|
-|**Enable-BitLocker**|AdAccountOrGroupAdAccountOrGroupProtectorConfirmEncryptionMethodHardwareEncryptionPasswordPasswordProtectorPinRecoveryKeyPathRecoveryKeyProtectorRecoveryPasswordRecoveryPasswordProtectorServiceSkipHardwareTestStartupKeyPathStartupKeyProtectorTpmAndPinAndStartupKeyProtectorTpmAndPinProtectorTpmAndStartupKeyProtectorTpmProtectorUsedSpaceOnlyWhatIf|
-|**Enable-BitLockerAutoUnlock**|ConfirmMountPointWhatIf|
-|**Get-BitLockerVolume**|MountPoint|
-|**Lock-BitLocker**|ConfirmForceDismountMountPointWhatIf|
-|**Remove-BitLockerKeyProtector**|ConfirmKeyProtectorIdMountPointWhatIf|
-|**Resume-BitLocker**|ConfirmMountPointWhatIf|
-|**Suspend-BitLocker**|ConfirmMountPointRebootCountWhatIf|
-|**Unlock-BitLocker**|AdAccountOrGroupConfirmMountPointPasswordRecoveryKeyPathRecoveryPasswordRecoveryPasswordWhatIf|
+- `Add-BitLockerKeyProtector`
+- `Backup-BitLockerKeyProtector`
+- `BackupToAAD-BitLockerKeyProtector`
+- `Clear-BitLockerAutoUnlock`
+- `Disable-BitLocker`
+- `Disable-BitLockerAutoUnlock`
+- `Enable-BitLocker`
+- `Enable-BitLockerAutoUnlock`
+- `Get-BitLockerVolume`
+- `Lock-BitLocker`
+- `Remove-BitLockerKeyProtector`
+- `Resume-BitLocker`
+- `Suspend-BitLocker`
+- `Unlock-BitLocker`
-Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they're encrypting prior to running Windows PowerShell cmdlets.
+Similar to manage-bde, the PowerShell cmdlets allow configuration beyond the options offered in the control panel. A good initial step is to determine the current state of the volume(s) on the computer. For example, to determine the current state of a volume you can use the `Get-BitLockerVolume` cmdlet, which provides information on the volume type, protectors, protection status, and other details.
-A good initial step is to determine the current state of the volume(s) on the computer. Determining the current state of the volume(s) can be done using the `Get-BitLockerVolume` cmdlet.
+```powershell
+PS C:\> Get-BitLockerVolume C: | fl
-The `Get-BitLockerVolume` cmdlet output gives information on the volume type, protectors, protection status, and other details.
-
-> [!TIP]
-> Occasionally, all protectors may not be shown when using `Get-BitLockerVolume` due to lack of space in the output display. If all of the protectors for a volume are not seen, use the Windows PowerShell pipe command (|) to format a full listing of the protectors:
->
-> `Get-BitLockerVolume C: | fl`
+ComputerName : DESKTOP
+MountPoint : C:
+EncryptionMethod : XtsAes128
+AutoUnlockEnabled :
+AutoUnlockKeyStored : False
+MetadataVersion : 2
+VolumeStatus : FullyEncrypted
+ProtectionStatus : On
+LockStatus : Unlocked
+EncryptionPercentage : 100
+WipePercentage : 0
+VolumeType : OperatingSystem
+CapacityGB : 1000
+KeyProtector : {Tpm, RecoveryPassword}
+```
To remove the existing protectors prior to provisioning BitLocker on the volume, use the `Remove-BitLockerKeyProtector` cmdlet. Running this cmdlet requires the GUID associated with the protector to be removed.
-A simple script can pipe the values of each Get-BitLockerVolume return out to another variable as seen below:
+The following commands return the list of key protectors and GUIDS:
-```powershell
+```PowerShell
$vol = Get-BitLockerVolume
$keyprotectors = $vol.KeyProtector
+$keyprotectors
```
-By using this script, the information in the $keyprotectors variable can be displayed to determine the GUID for each protector.
-
By using this information, the key protector for a specific volume can be removed using the command:
```powershell
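Review bot: typo on the `+` line `Here's a lists of the cmdlets included in the BitLocker PowerShell module:` (`a list`), and `GUIDS` should be `GUIDs` on `The following commands return the list of key protectors and GUIDS:`. The fence tag on that second block changes from ```` ```powershell ```` to ```` ```PowerShell ````, while the unchanged fence that opens the next block and every other fence in this file keep the lowercase tag; keep `powershell` for consistency. The removed `[!TIP]` was the only place that explained why `| fl` appears in the new `PS C:\> Get-BitLockerVolume C: | fl` prompt line (the list view shows all protectors when the table view truncates them); a half sentence to that effect before the sample output would restore that.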
@@ -185,14 +194,14 @@ $pw = Read-Host -AsSecureString
Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw
```
-### Using an AD Account or Group protector in Windows PowerShell
+### Using an SID-based protector in Windows PowerShell
-The **ADAccountOrGroup** protector, introduced in Windows 8 and Windows Server 2012, is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it doesn't unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding a SID-based protector for the Cluster Name Object (CNO) that lets the disk properly fail over to and become unlocked by any member computer of the cluster.
+The **ADAccountOrGroup** protector is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it doesn't unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding an SID-based protector for the Cluster Name Object (CNO) that lets the disk properly failover and unlock to any member computer of the cluster.
> [!WARNING]
-> The **ADAccountOrGroup** protector requires the use of an additional protector for use (such as TPM, PIN, or recovery key) when used on operating system volumes
+> The SID-based protector requires the use of an additional protector such as TPM, PIN, recovery key, etc. when used on operating system volumes.
-To add an **ADAccountOrGroup** protector to a volume, use either the actual domain SID or the group name preceded by the domain and a backslash. In the example below, the CONTOSO\\Administrator account is added as a protector to the data volume G.
+To add an **ADAccountOrGroup** protector to a volume, either the domain SID is needed or the group name preceded by the domain and a backslash. In the example below, the **CONTOSO\\Administrator** account is added as a protector to the data volume G.
```powershell
Enable-BitLocker G: -AdAccountOrGroupProtector -AdAccountOrGroup CONTOSO\Administrator
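Review bot: the unchanged context line `Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw` calls a cmdlet that does not exist; the module list added earlier in this file has `Add-BitLockerKeyProtector` and `Enable-BitLocker` but no `Enable-BitLockerKeyProtector`. The hunk header shows `$pw = Read-Host -AsSecureString` immediately before it, so the intent is to start encrypting E: with a password protector: `Enable-BitLocker E: -PasswordProtector -Password $pw`. Separately, the rewritten CNO sentence `lets the disk properly failover and unlock to any member computer of the cluster` is less precise than the line it replaces (`properly fail over to and become unlocked by any member computer of the cluster`); prefer the original wording.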
@@ -200,29 +209,21 @@ Enable-BitLocker G: -AdAccountOrGroupProtector -AdAccountOrGroup CONTOSO\Adminis
For users who wish to use the SID for the account or group, the first step is to determine the SID associated with the account. To get the specific SID for a user account in Windows PowerShell, use the following command:
+```powershell
+Get-ADUser -filter {samaccountname -eq "administrator"}
+```
+
> [!NOTE]
> Use of this command requires the RSAT-AD-PowerShell feature.
-```powershell
-get-aduser -filter {samaccountname -eq "administrator"}
-```
-
> [!TIP]
-> In addition to the PowerShell command above, information about the locally logged on user and group membership can be found using: WHOAMI /ALL. This doesn't require the use of additional features.
+> In addition to the Windows PowerShell command above, information about the locally logged on user and group membership can be found using: `WHOAMI /ALL`. This doesn't require the use of additional features.
-The following example adds an **ADAccountOrGroup** protector to the previously encrypted operating system volume using the SID of the account:
+In the example below, the user wishes to add a domain SID-based protector to the previously encrypted operating system volume. The user knows the SID for the user account or group they wish to add and uses the following command:
```powershell
-Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup S-1-5-21-3651336348-8937238915-291003330-500
+Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup ""
```
> [!NOTE]
-> Active Directory-based protectors are normally used to unlock Failover Cluster enabled volumes.
-
-## Related articles
-
-- [BitLocker overview](index.md)
-- [BitLocker frequently asked questions (FAQ)](faq.yml)
-- [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
-- [BitLocker: How to enable Network Unlock](network-unlock.md)
-- [BitLocker: How to deploy on Windows Server 2012](bitlocker-how-to-deploy-on-windows-server.md)
+> Active Directory-based protectors are normally used to unlock Failover Cluster-enabled volumes.
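Review bot: `-ADAccountOrGroup ""` on the `+` line replaces a concrete sample SID with an empty string, so the example no longer runs as shown and no longer matches the sentence above it (`The user knows the SID for the user account or group they wish to add and uses the following command:`). Use a clearly marked placeholder such as `"S-1-5-21-<domain>-<rid>"` or keep the previous sample value. Moving the `Get-ADUser` block above the `[!NOTE]` about RSAT-AD-PowerShell is a good fix. The removed `## Related articles` list linked to `bitlocker-how-to-deploy-on-windows-server.md`; the enterprise management article in this patch still links there, so nothing dangles on that side.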
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/toc.yml b/windows/security/operating-system-security/data-protection/bitlocker/toc.yml
index cb5af928c0..f5c3fca696 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/toc.yml
+++ b/windows/security/operating-system-security/data-protection/bitlocker/toc.yml
@@ -20,11 +20,11 @@ items:
- name: Configure BitLocker on Windows Server
href: bitlocker-how-to-deploy-on-windows-server.md
- name: Manage BitLocker with Drive Encryption Tools
- href: bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+ href: manage.md
- name: BitLocker Recovery Guide
href: bitlocker-recovery-guide-plan.md
- name: Protect cluster shared volumes and storage area networks with BitLocker
- href: protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
+ href: csv-san.md
- name: Network Unlock
href: network-unlock.md
- name: BitLocker Recovery Password Viewer