diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-minimum-pin-length-for-startup.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-minimum-pin-length-for-startup.md index a78aa01369..36c55c753d 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-minimum-pin-length-for-startup.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-minimum-pin-length-for-startup.md @@ -12,7 +12,7 @@ This policy configures a minimum length for a Trusted Platform Module (TPM) star If you enable this policy setting, you can require a minimum number of digits to be used when setting the startup PIN.\ If you disable or do not configure this policy setting, users can configure a startup PIN of any length between 6 and 20 digits. -The TPM can be configured to use Dictionary Attack Prevention parameters ([lockout threshold and lockout duration](../../../../hardware-security/tpm/trusted-platform-module-services-group-configure.md) to control how many failed authorizations attempts are allowed before the TPM is locked out, and how much time must elapse before another attempt can be made. +The TPM can be configured to use Dictionary Attack Prevention parameters ([lockout threshold and lockout duration](../../../../hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md) to control how many failed authorizations attempts are allowed before the TPM is locked out, and how much time must elapse before another attempt can be made. The Dictionary Attack Prevention Parameters provide a way to balance security needs with usability. For example, when BitLocker is used with a TPM + PIN configuration, the number of PIN guesses is limited over time. A TPM 2.0 in this example could be configured to allow only 32 PIN guesses immediately, and then only one more guess every two hours. This number of attempts totals to a maximum of about 4415 guesses per year. If the PIN is four digits, all 9999 possible PIN combinations could be attempted in a little over two years. diff --git a/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md b/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md index a2961967ab..5f38b9bde1 100644 --- a/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md +++ b/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md @@ -72,7 +72,7 @@ Configuration of encrypted hard drives as startup drives is done using the same There are three related policy settings that help you manage how BitLocker uses hardware-based encryption and which encryption algorithms to use. If these settings aren't configured or disabled on systems that are equipped with encrypted drives, BitLocker uses software-based encryption: -- [Configure use of hardware-based encryption for fixed data drives](bitlocker/policy-settings.md#configure-use-of-hardware-based-encryption-for-fixed-data-drives) +- [Configure use of hardware-based encryption for fixed data drives](bitlocker/configure.md#configure-use-of-hardware-based-encryption-for-fixed-data-drives) - [Configure use of hardware-based encryption for removable data drives](bitlocker/policy-settings.md#configure-use-of-hardware-based-encryption-for-removable-data-drives) - [Configure use of hardware-based encryption for operating system drives](bitlocker/policy-settings.md#configure-use-of-hardware-based-encryption-for-operating-system-drives)