PDE content move

windows/security/docfx.json

@@ -76,6 +76,7 @@
         "application-security/application-control/user-account-control/*.md": "paolomatarazzo",
         "application-security/application-isolation/windows-sandbox/**/*.md": "vinaypamnani-msft",
         "identity-protection/**/*.md": "paolomatarazzo",
+        "operating-system-security/data-protection/**/*.md": "paolomatarazzo",
         "operating-system-security/network-security/**/*.md": "paolomatarazzo",
         "operating-system-security/network-security/windows-firewall/**/*.md": "ngangulyms"
       },
@@ -83,6 +84,7 @@
         "application-security/application-control/user-account-control/*.md": "paoloma",
         "application-security/application-isolation/windows-sandbox/**/*.md": "vinpa",
         "identity-protection/**/*.md": "paoloma",
+        "operating-system-security/data-protection/**/*.md": "paoloma",
         "operating-system-security/network-security/**/*.md": "paoloma",
         "operating-system-security/network-security/windows-firewall/*.md": "nganguly"
       },
@@ -123,6 +125,16 @@
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
         ],
+        "operating-system-security/data-protection/**/*.md": [
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
+        ],
+        "operating-system-security/data-protection/personal-data-encryption/*.md": [
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>"
+        ],
         "operating-system-security/network-security/windows-firewall/**/*.md": [
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
@@ -136,16 +148,17 @@
         "identity-protection/credential-guard/*.md": "zwhittington",
         "identity-protection/access-control/*.md": "sulahiri",
         "operating-system-security/network-security/windows-firewall/*.md": "paoloma",
-        "operating-system-security/network-security/vpn/*.md": "pesmith"
+        "operating-system-security/network-security/vpn/*.md": "pesmith",
+        "operating-system-security/data-protection/personal-data-encryption/*.md":"rhonnegowda"
       },
       "ms.collection": {
         "identity-protection/hello-for-business/*.md": "tier1",
-        "information-protection/bitlocker/*.md": "tier1",
-        "information-protection/personal-data-encryption/*.md": "tier1",
         "information-protection/pluton/*.md": "tier1",
         "information-protection/tpm/*.md": "tier1",
         "threat-protection/auditing/*.md": "tier3",
         "threat-protection/windows-defender-application-control/*.md": "tier3",
+        "operating-system-security/data-protection/bitlocker/*.md": "tier1",
+        "operating-system-security/data-protection/personal-data-encryption/*.md": "tier1",
         "operating-system-security/network-security/windows-firewall/*.md": "tier3"
       }
     },

windows/security/identity-protection/hello-for-business/toc.yml

@@ -1,3 +1,4 @@
+items:
 - name: Windows Hello for Business documentation
   href: index.yml
 - name: Concepts

windows/security/operating-system-security/data-protection/configure-s-mime.md

@@ -3,8 +3,6 @@ title: Configure S/MIME for Windows
 description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them. Learn how to configure S/MIME for Windows.
 ms.topic: how-to
 ms.date: 05/31/2023
-author: paolomatarazzo
-ms.author: paoloma
 ---
 
 

windows/security/operating-system-security/data-protection/encrypted-hard-drive.md

@@ -1,11 +1,6 @@
 ---
 title: Encrypted Hard Drive 
 description: Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
-ms.reviewer: 
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-author: frankroj
 ms.date: 11/08/2022
 ms.technology: itpro-security
 ms.topic: conceptual
@@ -13,15 +8,6 @@ ms.topic: conceptual
 
 # Encrypted Hard Drive
 
-*Applies to:*
-
-- Windows 10
-- Windows 11
-- Windows Server 2022
-- Windows Server 2019
-- Windows Server 2016
-- Azure Stack HCI
-
 Encrypted hard drive uses the rapid encryption that is provided by BitLocker drive encryption to enhance data security and management.
 
 By offloading the cryptographic operations to hardware, Encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted hard drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.
@@ -48,7 +34,7 @@ Encrypted hard drives are supported natively in the operating system through the
 
 If you're a storage device vendor who is looking for more info on how to implement Encrypted Hard Drive, see the [Encrypted Hard Drive Device Guide](/previous-versions/windows/hardware/design/dn653989(v=vs.85)).
 
-[!INCLUDE [encrypted-hard-drive](../../../includes/licensing/encrypted-hard-drive.md)]
+[!INCLUDE [encrypted-hard-drive](../../../../includes/licensing/encrypted-hard-drive.md)]
 
 ## System Requirements
 

windows/security/operating-system-security/data-protection/personal-data-encryption/configure-pde-in-intune.md

@@ -1,14 +1,7 @@
 ---
 title: Configure Personal Data Encryption (PDE) in Intune
 description: Configuring and enabling Personal Data Encryption (PDE) required and recommended policies in Intune
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
 ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
 ms.date: 03/13/2023
 ---
 
@@ -21,19 +14,15 @@ The various required and recommended policies needed for Personal Data Encryptio
 
 ## Required prerequisites
 
-1. [Enable Personal Data Encryption (PDE)](pde-in-intune/intune-enable-pde.md)
+1. [Enable Personal Data Encryption (PDE)](intune-enable-pde.md)
-
+1. [Disable Winlogon automatic restart sign-on (ARSO)](intune-disable-arso.md)
-1. [Disable Winlogon automatic restart sign-on (ARSO)](pde-in-intune/intune-disable-arso.md)
 
 ## Security hardening recommendations
 
-1. [Disable kernel-mode crash dumps and live dumps](pde-in-intune/intune-disable-memory-dumps.md)
+1. [Disable kernel-mode crash dumps and live dumps](intune-disable-memory-dumps.md)
-
+1. [Disable Windows Error Reporting (WER)/user-mode crash dumps](intune-disable-wer.md)
-1. [Disable Windows Error Reporting (WER)/user-mode crash dumps](pde-in-intune/intune-disable-wer.md)
+1. [Disable hibernation](intune-disable-hibernation.md)
-
+1. [Disable allowing users to select when a password is required when resuming from connected standby](intune-disable-password-connected-standby.md)
-1. [Disable hibernation](pde-in-intune/intune-disable-hibernation.md)
-
-1. [Disable allowing users to select when a password is required when resuming from connected standby](pde-in-intune/intune-disable-password-connected-standby.md)
 
 ## See also
 

windows/security/operating-system-security/data-protection/personal-data-encryption/faq-pde.yml

@@ -3,14 +3,7 @@
 metadata:
   title: Frequently asked questions for Personal Data Encryption (PDE)
   description: Answers to common questions regarding Personal Data Encryption (PDE).
-  author: frankroj
-  ms.author: frankroj
-  ms.reviewer: rhonnegowda
-  manager: aaroncz
   ms.topic: faq
-  ms.prod: windows-client
-  ms.technology: itpro-security
-  ms.localizationpriority: medium
   ms.date: 03/13/2023
 
 # Max 5963468 OS 32516487

windows/security/operating-system-security/data-protection/personal-data-encryption/includes/pde-description.md

@@ -1,22 +1,14 @@
 ---
-title: Personal Data Encryption (PDE) description
-description: Personal Data Encryption (PDE) description include file
-
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
 ms.topic: include
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
 ms.date: 03/13/2023
 ---
 
 <!-- Max 5963468 OS 32516487 -->
 <!-- Max 6946251 -->
 
-Personal data encryption (PDE) is a security feature introduced in Windows 11, version 22H2 that provides additional encryption features to Windows. PDE differs from BitLocker in that it  encrypts individual files and content instead of whole volumes and disks. PDE occurs in addition to other encryption methods such as BitLocker.
+Starting in Windows 11, version 22H2, Personal Data Encryption (PDE) is a security feature that provides more encryption capabilities to Windows. 
+
+PDE differs from BitLocker in that it  encrypts individual files and content instead of whole volumes and disks. PDE occurs in addition to other encryption methods such as BitLocker.
 
 PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. This feature can minimize the number of credentials the user has to remember to gain access to content. For example, when using BitLocker with PIN, a user would need to authenticate twice - once with the BitLocker PIN and a second time with Windows credentials. This requirement requires users to remember two different credentials. With PDE, users only need to enter one set of credentials via Windows Hello for Business.
 

windows/security/operating-system-security/data-protection/personal-data-encryption/index.md

@@ -1,14 +1,8 @@
 ---
 title: Personal Data Encryption (PDE)
 description: Personal Data Encryption unlocks user encrypted files at user sign-in instead of at boot.
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
 manager: aaroncz
 ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
 ms.date: 03/13/2023
 ---
 
@@ -17,28 +11,24 @@ ms.date: 03/13/2023
 
 # Personal Data Encryption (PDE)
 
-**Applies to:**
-
-- Windows 11, version 22H2 and later Enterprise and Education editions
-
 [!INCLUDE [Personal Data Encryption (PDE) description](includes/pde-description.md)]
 
-[!INCLUDE [personal-data-encryption-pde](../../../../includes/licensing/personal-data-encryption-pde.md)]
+[!INCLUDE [personal-data-encryption-pde](../../../../../includes/licensing/personal-data-encryption-pde.md)]
 
 ## Prerequisites
 
 ### Required
 
 - [Azure AD joined device](/azure/active-directory/devices/concept-azure-ad-join)
-- [Windows Hello for Business](../../identity-protection/hello-for-business/hello-overview.md)
+- [Windows Hello for Business](identity-protection/hello-for-business/hello-overview.md)
 - Windows 11, version 22H2 and later Enterprise and Education editions
 
 ### Not supported with PDE
 
 - [FIDO/security key authentication](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)
 - [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-)
-  - For information on disabling ARSO via Intune, see [Disable Winlogon automatic restart sign-on (ARSO)](pde-in-intune/intune-disable-arso.md).
+  - For information on disabling ARSO via Intune, see [Disable Winlogon automatic restart sign-on (ARSO)](intune-disable-arso.md).
-- [Windows Information Protection (WIP)](../windows-information-protection/protect-enterprise-data-using-wip.md)
+- [Windows Information Protection (WIP)](windows-information-protection/protect-enterprise-data-using-wip.md)
 - [Hybrid Azure AD joined devices](/azure/active-directory/devices/concept-azure-ad-join-hybrid)
 - Remote Desktop connections
 
@@ -46,15 +36,15 @@ ms.date: 03/13/2023
 
 - [Kernel-mode crash dumps  and live dumps disabled](/windows/client-management/mdm/policy-csp-memorydump#memorydump-policies)
 
-   Kernel-mode crash dumps and live dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable kernel-mode crash dumps and live dumps. For information on disabling crash dumps and live dumps via Intune, see [Disable kernel-mode crash dumps and live dumps](pde-in-intune/intune-disable-memory-dumps.md).
+   Kernel-mode crash dumps and live dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable kernel-mode crash dumps and live dumps. For information on disabling crash dumps and live dumps via Intune, see [Disable kernel-mode crash dumps and live dumps](intune-disable-memory-dumps.md).
 
 - [Windows Error Reporting (WER) disabled/User-mode crash dumps disabled](/windows/client-management/mdm/policy-csp-errorreporting#errorreporting-disablewindowserrorreporting)
 
-   Disabling Windows Error Reporting prevents user-mode crash dumps. User-mode crash dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable user-mode crash dumps. For more information on disabling crash dumps via Intune, see [Disable Windows Error Reporting (WER)/user-mode crash dumps](pde-in-intune/intune-disable-wer.md).
+   Disabling Windows Error Reporting prevents user-mode crash dumps. User-mode crash dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable user-mode crash dumps. For more information on disabling crash dumps via Intune, see [Disable Windows Error Reporting (WER)/user-mode crash dumps](intune-disable-wer.md).
 
 - [Hibernation disabled](/windows/client-management/mdm/policy-csp-power#power-allowhibernate)
 
-   Hibernation files can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable hibernation. For more information on disabling crash dumps via Intune, see [Disable hibernation](pde-in-intune/intune-disable-hibernation.md).
+   Hibernation files can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable hibernation. For more information on disabling crash dumps via Intune, see [Disable hibernation](intune-disable-hibernation.md).
 
 - [Allowing users to select when a password is required when resuming from connected standby disabled](/windows/client-management/mdm/policy-csp-admx-credentialproviders#admx-credentialproviders-allowdomaindelaylock)
 
@@ -76,11 +66,11 @@ ms.date: 03/13/2023
 
     Because of this undesired outcome, it's recommended to explicitly disable this policy on Azure AD joined devices instead of leaving it at the default of **Not configured**.
 
-   For information on disabling this policy via Intune, see [Disable allowing users to select when a password is required when resuming from connected standby](pde-in-intune/intune-disable-password-connected-standby.md).
+   For information on disabling this policy via Intune, see [Disable allowing users to select when a password is required when resuming from connected standby](intune-disable-password-connected-standby.md).
 
 ### Highly recommended
 
-- [BitLocker Drive Encryption](../bitlocker/bitlocker-overview.md) enabled
+- [BitLocker Drive Encryption](bitlocker/bitlocker-overview.md) enabled
 
    Although PDE will work without BitLocker, it's recommended to also enable BitLocker. PDE is meant to work alongside BitLocker for increased security. PDE isn't a replacement for BitLocker.
 
@@ -88,7 +78,7 @@ ms.date: 03/13/2023
 
    In certain scenarios such as TPM resets or destructive PIN resets, the keys used by PDE to protect content will be lost. In such scenarios, any content protected with PDE will no longer be accessible. The only way to recover such content would be from backup.
 
-- [Windows Hello for Business PIN reset service](../../identity-protection/hello-for-business/hello-feature-pin-reset.md)
+- [Windows Hello for Business PIN reset service](identity-protection/hello-for-business/hello-feature-pin-reset.md)
 
    Destructive PIN resets will cause keys used by PDE to protect content to be lost. A destructive PIN reset will make any content protected with PDE no longer accessible after the destructive PIN reset has occurred. Content protected with PDE will need to be recovered from a backup after a destructive PIN reset. For this reason Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets.
 
@@ -137,7 +127,7 @@ There's also a [PDE CSP](/windows/client-management/mdm/personaldataencryption-c
 > [!NOTE]
 > Enabling the PDE policy on devices only enables the PDE feature. It does not protect any content. To protect content via PDE, use the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). The PDE APIs can be used to create custom applications and scripts to specify which content to protect and at what level to protect the content. Additionally, the PDE APIs can't be used to protect content until the PDE policy has been enabled.
 
-For information on enabling PDE via Intune, see [Enable Personal Data Encryption (PDE)](pde-in-intune/intune-enable-pde.md).
+For information on enabling PDE via Intune, see [Enable Personal Data Encryption (PDE)](intune-enable-pde.md).
 
 ## Differences between PDE and BitLocker
 

windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-arso.md

@@ -1,15 +1,8 @@
 ---
 title: Disable Winlogon automatic restart sign-on (ARSO) for PDE in Intune
 description: Disable Winlogon automatic restart sign-on (ARSO) for PDE in Intune
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
 ms.topic: how-to
-ms.prod: windows-client
+ms.date: 06/01/2023
-ms.technology: itpro-security
-ms.localizationpriority: medium
-ms.date: 03/13/2023
 ---
 
 # Disable Winlogon automatic restart sign-on (ARSO) for PDE
@@ -20,81 +13,51 @@ Winlogon automatic restart sign-on (ARSO) isn't supported for use with Personal
 
 To disable ARSO using Intune, follow the below steps:
 
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
-
+1. In the **Home** screen, select **Devices** in the left pane
-1. In the **Home** screen, select **Devices** in the left pane.
+1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**
-
+1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**
-1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
-
-1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
-
 1. In the **Create profile** window that opens:
-
+   1. Under **Platform**, select **Windows 10 and later**
-   1. Under **Platform**, select **Windows 10 and later**.
+   1. Under **Profile type**, select **Templates**
-
+   1. When the templates appear, under **Template name**, select **Administrative templates**
-   1. Under **Profile type**, select **Templates**.
-
-   1. When the templates appear, under **Template name**, select **Administrative templates**.
-
    1. Select **Create** to close the **Create profile** window.
-
 1. The **Create profile** screen will open. In the **Basics** page:
-
+   1. Next to **Name**, enter **Disable ARSO**
-   1. Next to **Name**, enter **Disable ARSO**.
+   1. Next to **Description**, enter a description
-
+   1. Select **Next**
-   1. Next to **Description**, enter a description.
-
-   1. Select **Next**.
-
 1. In the **Configuration settings** page:
-
+   1. On the left pane of the page, make sure **Computer Configuration** is selected
-   1. On the left pane of the page, make sure **Computer Configuration** is selected.
+   1. Under **Setting name**, scroll down and select **Windows Components**
-
+   1. Under **Setting name**, scroll down and select **Windows Logon Options**. You may need to navigate between pages on the bottom right corner before finding the **Windows Logon Options** option
-   1. Under **Setting name**, scroll down and select **Windows Components**.
+   1. Under **Setting name** of the **Windows Logon Options** pane, select **Sign-in and lock last interactive user automatically after a restart**
-
+   1. In the **Sign-in and lock last interactive user automatically after a restart** window that opens, select **Disabled**, and then select **OK**
-   1. Under **Setting name**, scroll down and select **Windows Logon Options**. You may need to navigate between pages on the bottom right corner before finding the **Windows Logon Options** option.
+   1. Select **Next**
-
+1. In the **Scope tags** page, configure if necessary and then select **Next**
-   1. Under **Setting name** of the **Windows Logon Options** pane, select **Sign-in and lock last interactive user automatically after a restart**.
-
-   1. In the **Sign-in and lock last interactive user automatically after a restart** window that opens, select **Disabled**, and then select **OK**.
-
-   1. Select **Next**.
-
-1. In the **Scope tags** page, configure if necessary and then select **Next**.
-
 1. In the **Assignments** page:
-
+   1. Under **Included groups**, select **Add groups**
-   1. Under **Included groups**, select **Add groups**.
-
         > [!NOTE]
-        >
         > Make sure to select **Add groups** under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
-
+   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
+   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**
-
+1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**
-   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
-
-1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
 
 ## Additional PDE configurations in Intune
 
 The following PDE configurations can also be configured using Intune:
 
-### Required prerequisites
+### Prerequisites
 
-- [Enable Personal Data Encryption (PDE)](../pde-in-intune/intune-enable-pde.md)
+- [Enable Personal Data Encryption (PDE)](intune-enable-pde.md)
 
 ### Security hardening recommendations
 
-- [Disable kernel-mode crash dumps and live dumps](../pde-in-intune/intune-disable-memory-dumps.md)
+- [Disable kernel-mode crash dumps and live dumps](intune-disable-memory-dumps.md)
-
+- [Disable Windows Error Reporting (WER)/user-mode crash dumps](intune-disable-wer.md)
-- [Disable Windows Error Reporting (WER)/user-mode crash dumps](../pde-in-intune/intune-disable-wer.md)
+- [Disable hibernation](intune-disable-hibernation.md)
-
+- [Disable allowing users to select when a password is required when resuming from connected standby](intune-disable-password-connected-standby.md)
-- [Disable hibernation](../pde-in-intune/intune-disable-hibernation.md)
-
-- [Disable allowing users to select when a password is required when resuming from connected standby](../pde-in-intune/intune-disable-password-connected-standby.md)
 
 ## More information
 
-- [Personal Data Encryption (PDE)](../overview-pde.md)
+- [Personal Data Encryption (PDE)](overview-pde.md)
-- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)
+- [Personal Data Encryption (PDE) FAQ](faq-pde.yml)

windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-hibernation.md

@@ -1,14 +1,7 @@
 ---
 title: Disable hibernation for PDE in Intune
 description: Disable hibernation for PDE in Intune
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
 ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
 ms.date: 03/13/2023
 ---
 
@@ -20,79 +13,50 @@ Hibernation files can potentially cause the keys used by Personal Data Encryptio
 
 To disable hibernation using Intune, follow the below steps:
 
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
-
+1. In the **Home** screen, select **Devices** in the left pane
-1. In the **Home** screen, select **Devices** in the left pane.
+1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**
-
+1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**
-1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
-
-1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
-
 1. In the **Create profile** window that opens:
-
+   1. Under **Platform**, select **Windows 10 and later**
-   1. Under **Platform**, select **Windows 10 and later**.
+   1. Under **Profile type**, select **Settings catalog**
-
+   1. Select **Create** to close the **Create profile** window
-   1. Under **Profile type**, select **Settings catalog**.
-
-   1. Select **Create** to close the **Create profile** window.
-
 1. The **Create profile** screen will open. In the **Basics** page:
-
+   1. Next to **Name**, enter **Disable Hibernation**
-   1. Next to **Name**, enter **Disable Hibernation**.
+   1. Next to **Description**, enter a description
-
+   1. Select **Next**
-   1. Next to **Description**, enter a description.
-
-   1. Select **Next**.
-
 1. In the **Configuration settings** page:
-
+   1. select **Add settings**
-   1. select **Add settings**.
-
    1. In the **Settings picker** window that opens:
-
+      1. Under **Browse by category**, scroll down and select **Power**
-      1. Under **Browse by category**, scroll down and select **Power**.
+      1. When the settings for the **Power** category appear under **Setting name** in the lower pane, select **Allow Hibernate**, and then select the **X** in the top right corner of the **Settings picker** window to close the window
-
+   1. Change **Allow Hibernate** from **Allow** to **Block** by selecting the slider next to the option
-      1. When the settings for the **Power** category appear under **Setting name** in the lower pane, select **Allow Hibernate**, and then select the **X** in the top right corner of the **Settings picker** window to close the window.
+   1. Select **Next**
-
+1. In the **Scope tags** page, configure if necessary and then select **Next**
-   1. Change **Allow Hibernate** from **Allow** to **Block** by selecting the slider next to the option.
-
-   1. Select **Next**.
-
-1. In the **Scope tags** page, configure if necessary and then select **Next**.
-
 1. In the **Assignments** page:
-
+   1. Under **Included groups**, select **Add groups**
-   1. Under **Included groups**, select **Add groups**.
-
         > [!NOTE]
-        >
         > Make sure to add the correct groups under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
-
+   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
+   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**
-
+1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**
-   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
-
-1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
 
 ## Additional PDE configurations in Intune
 
 The following PDE configurations can also be configured using Intune:
 
-### Required prerequisites
+### Prerequisites
 
-- [Enable Personal Data Encryption (PDE)](../pde-in-intune/intune-enable-pde.md)
+- [Enable Personal Data Encryption (PDE)](intune-enable-pde.md)
-
+- [Disable Winlogon automatic restart sign-on (ARSO)](intune-disable-arso.md)
-- [Disable Winlogon automatic restart sign-on (ARSO)](../pde-in-intune/intune-disable-arso.md)
 
 ### Security hardening recommendations
 
-- [Disable kernel-mode crash dumps and live dumps](../pde-in-intune/intune-disable-memory-dumps.md)
+- [Disable kernel-mode crash dumps and live dumps](intune-disable-memory-dumps.md)
-
+- [Disable Windows Error Reporting (WER)/user-mode crash dumps](intune-disable-wer.md)
-- [Disable Windows Error Reporting (WER)/user-mode crash dumps](../pde-in-intune/intune-disable-wer.md)
+- [Disable allowing users to select when a password is required when resuming from connected standby](intune-disable-password-connected-standby.md)
-
-- [Disable allowing users to select when a password is required when resuming from connected standby](../pde-in-intune/intune-disable-password-connected-standby.md)
 
 ## More information
 
-- [Personal Data Encryption (PDE)](../overview-pde.md)
+- [Personal Data Encryption (PDE)](overview-pde.md)
-- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)
+- [Personal Data Encryption (PDE) FAQ](faq-pde.yml)

windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-memory-dumps.md

@@ -1,14 +1,7 @@
 ---
 title: Disable kernel-mode crash dumps and live dumps for PDE in Intune
 description: Disable kernel-mode crash dumps and live dumps for PDE in Intune
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
 ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
 ms.date: 03/13/2023
 ---
 
@@ -20,77 +13,49 @@ Kernel-mode crash dumps and live dumps can potentially cause the keys used by Pe
 
 To disable kernel-mode crash dumps and live dumps using Intune, follow the below steps:
 
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
-
+1. In the **Home** screen, select **Devices** in the left pane
-1. In the **Home** screen, select **Devices** in the left pane.
+1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**
-
+1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**
-1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
-
-1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
-
 1. In the **Create profile** window that opens:
-
+   1. Under **Platform**, select **Windows 10 and later**
-   1. Under **Platform**, select **Windows 10 and later**.
+   1. Under **Profile type**, select **Settings catalog**
-
+   1. Select **Create** to close the **Create profile** window
-   1. Under **Profile type**, select **Settings catalog**.
-
-   1. Select **Create** to close the **Create profile** window.
-
 1. The **Create profile** screen will open. In the **Basics** page:
-
+   1. Next to **Name**, enter **Disable Kernel-Mode Crash Dumps**
-   1. Next to **Name**, enter **Disable Kernel-Mode Crash Dumps**.
-
    1. Next to **Description**, enter a description.
-
+   1. Select **Next**
-   1. Select **Next**.
-
 1. In the **Configuration settings** page:
-
+   1. Select **Add settings**
-   1. Select **Add settings**.
-
    1. In the **Settings picker** window that opens:
-
+      1. Under **Browse by category**, scroll down and select **Memory Dump**
-      1. Under **Browse by category**, scroll down and select **Memory Dump**.
+      1. When the settings for the **Memory Dump** category appear under **Setting name** in the lower pane, select both **Allow Crash Dump** and **Allow Live Dump**, and then select the **X** in the top right corner of the **Settings picker** window to close the window
-
+   1. Change both **Allow Live Dump** and **Allow Crash Dump** from **Allow** to **Block** by selecting the slider next to each option, and then select **Next**
-      1. When the settings for the **Memory Dump** category appear under **Setting name** in the lower pane, select both **Allow Crash Dump** and **Allow Live Dump**, and then select the **X** in the top right corner of the **Settings picker** window to close the window.
+1. In the **Scope tags** page, configure if necessary and then select **Next**
-
-   1. Change both **Allow Live Dump** and **Allow Crash Dump** from **Allow** to **Block** by selecting the slider next to each option, and then select **Next**.
-
-1. In the **Scope tags** page, configure if necessary and then select **Next**.
-
 1. In the **Assignments** page:
-
+   1. Under **Included groups**, select **Add groups**
-   1. Under **Included groups**, select **Add groups**.
-
         > [!NOTE]
-        >
         > Make sure to add the correct groups under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
-
+   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
+   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**
-
+1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**
-   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
-
-1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
 
 ## Additional PDE configurations in Intune
 
 The following PDE configurations can also be configured using Intune:
 
-### Required prerequisites
+### Prerequisites
 
-- [Enable Personal Data Encryption (PDE)](../pde-in-intune/intune-enable-pde.md)
+- [Enable Personal Data Encryption (PDE)](intune-enable-pde.md)
-
+- [Disable Winlogon automatic restart sign-on (ARSO)](intune-disable-arso.md)
-- [Disable Winlogon automatic restart sign-on (ARSO)](../pde-in-intune/intune-disable-arso.md)
 
 ### Security hardening recommendations
 
-- [Disable Windows Error Reporting (WER)/user-mode crash dumps](../pde-in-intune/intune-disable-wer.md)
+- [Disable Windows Error Reporting (WER)/user-mode crash dumps](intune-disable-wer.md)
-
+- [Disable hibernation](intune-disable-hibernation.md)
-- [Disable hibernation](../pde-in-intune/intune-disable-hibernation.md)
+- [Disable allowing users to select when a password is required when resuming from connected standby](intune-disable-password-connected-standby.md)
-
-- [Disable allowing users to select when a password is required when resuming from connected standby](../pde-in-intune/intune-disable-password-connected-standby.md)
 
 ## More information
 
-- [Personal Data Encryption (PDE)](../overview-pde.md)
+- [Personal Data Encryption (PDE)](overview-pde.md)
-- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)
+- [Personal Data Encryption (PDE) FAQ](faq-pde.yml)

windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-password-connected-standby.md

@@ -1,14 +1,7 @@
 ---
 title: Disable allowing users to select when a password is required when resuming from connected standby for PDE in Intune
 description: Disable allowing users to select when a password is required when resuming from connected standby for PDE in Intune
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
 ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
 ms.date: 03/13/2023
 ---
 
@@ -17,18 +10,12 @@ ms.date: 03/13/2023
 When the **Disable allowing users to select when a password is required when resuming from connected standby** policy isn't configured, the outcome between on-premises Active Directory joined devices and workgroup devices, including Azure Active Directory joined devices, is different:
 
 - On-premises Active Directory joined devices:
-
+  - A user can't change the amount of time after the device's screen turns off before a password is required when waking the device
-  - A user can't change the amount of time after the device´s screen turns off before a password is required when waking the device.
+  - A password is required immediately after the screen turns off
-
+    The above is the desired outcome, but PDE isn't supported with on-premises Active Directory joined devices
-  - A password is required immediately after the screen turns off.
-
-    The above is the desired outcome, but PDE isn't supported with on-premises Active Directory joined devices.
-
 - Workgroup devices, including Azure AD joined devices:
-
+  - A user on a Connected Standby device can change the amount of time after the device´s screen turns off before a password is required to wake the device
-  - A user on a Connected Standby device can change the amount of time after the device´s screen turns off before a password is required to wake the device.
+  - During the time when the screen turns off but a password isn't required, the keys used by PDE to protect content could potentially be exposed. This outcome isn't a desired outcome
-
-  - During the time when the screen turns off but a password isn't required, the keys used by PDE to protect content could potentially be exposed. This outcome isn't a desired outcome.
 
 Because of this undesired outcome, it's recommended to explicitly disable this policy on Azure AD joined devices instead of leaving it at the default of **Not configured**.
 
@@ -36,83 +23,54 @@ Because of this undesired outcome, it's recommended to explicitly disable this p
 
 To disable the policy **Disable allowing users to select when a password is required when resuming from connected standby** using Intune, follow the below steps:
 
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
-
+1. In the **Home** screen, select **Devices** in the left pane
-1. In the **Home** screen, select **Devices** in the left pane.
+1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**
-
+1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**
-1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
-
-1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
-
 1. In the **Create profile** window that opens:
-
+   1. Under **Platform**, select **Windows 10 and later**
-   1. Under **Platform**, select **Windows 10 and later**.
+   1. Under **Profile type**, select **Settings catalog**
-
+   1. Select **Create** to close the **Create profile** window
-   1. Under **Profile type**, select **Settings catalog**.
-
-   1. Select **Create** to close the **Create profile** window.
-
 1. The **Create profile** screen will open. In the **Basics** page:
-
+    1. Next to **Name**, enter **Disable allowing users to select when a password is required when resuming from connected standby**
-    1. Next to **Name**, enter **Disable allowing users to select when a password is required when resuming from connected standby**.
+    1. Next to **Description**, enter a description
-
-    1. Next to **Description**, enter a description.
-
     1. Select **Next**.
 
 1. In the **Configuration settings** page:
-
+   1. Select **Add settings**
-   1. Select **Add settings**.
-
    1. In the **Settings picker** window that opens:
+      1. Under **Browse by category**, expand **Administrative Templates**
+      1. Under **Administrative Templates**, scroll down and expand **System**
+      1. Under **System**, scroll down and select **Logon**
+      1. When the settings for the **Logon** subcategory appear under **Setting name** in the lower pane, select **Allow users to select when a password is required when resuming from connected standby**, and then select the **X** in the top right corner of the **Settings picker** window to close the window
+   1. Leave the slider for **Allow users to select when a password is required when resuming from connected standby** at the default of **Disabled**
+   1. select **Next**
 
-      1. Under **Browse by category**, expand **Administrative Templates**.
+1. In the **Scope tags** page, configure if necessary and then select **Next**
-
-      1. Under **Administrative Templates**, scroll down and expand **System**.
-
-      1. Under **System**, scroll down and select **Logon**.
-
-      1. When the settings for the **Logon** subcategory appear under **Setting name** in the lower pane, select **Allow users to select when a password is required when resuming from connected standby**, and then select the **X** in the top right corner of the **Settings picker** window to close the window.
-
-   1. Leave the slider for **Allow users to select when a password is required when resuming from connected standby** at the default of **Disabled**.
-
-   1. select **Next**.
-
-1. In the **Scope tags** page, configure if necessary and then select **Next**.
-
 1. In the **Assignments** page:
-
+   1. Under **Included groups**, select **Add groups**
-   1. Under **Included groups**, select **Add groups**.
-
         > [!NOTE]
-        >
         > Make sure to add the correct groups under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
-
+   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
+   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**
-
+1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**
-   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
-
-1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
 
 ## Additional PDE configurations in Intune
 
 The following PDE configurations can also be configured using Intune:
 
-### Required prerequisites
+### Prerequisites
 
-- [Enable Personal Data Encryption (PDE)](../pde-in-intune/intune-enable-pde.md)
+- [Enable Personal Data Encryption (PDE)](intune-enable-pde.md)
-
+- [Disable Winlogon automatic restart sign-on (ARSO)](intune-disable-arso.md)
-- [Disable Winlogon automatic restart sign-on (ARSO)](../pde-in-intune/intune-disable-arso.md)
 
 ### Security hardening recommendations
 
-- [Disable kernel-mode crash dumps and live dumps](../pde-in-intune/intune-disable-memory-dumps.md)
+- [Disable kernel-mode crash dumps and live dumps](intune-disable-memory-dumps.md)
-
+- [Disable Windows Error Reporting (WER)/user-mode crash dumps](intune-disable-wer.md)
-- [Disable Windows Error Reporting (WER)/user-mode crash dumps](../pde-in-intune/intune-disable-wer.md)
+- [Disable hibernation](intune-disable-hibernation.md)
-
-- [Disable hibernation](../pde-in-intune/intune-disable-hibernation.md)
 
 ## More information
 
-- [Personal Data Encryption (PDE)](../overview-pde.md)
+- [Personal Data Encryption (PDE)](overview-pde.md)
-- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)
+- [Personal Data Encryption (PDE) FAQ](faq-pde.yml)

windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-wer.md

@@ -1,14 +1,7 @@
 ---
 title: Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE in Intune
 description: Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE in Intune
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
 ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
 ms.date: 03/13/2023
 ---
 
@@ -20,83 +13,52 @@ Disabling Windows Error Reporting prevents user-mode crash dumps. User-mode cras
 
 To disable Windows Error Reporting (WER) and user-mode crash dumps using Intune, follow the below steps:
 
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
-
+1. In the **Home** screen, select **Devices** in the left pane
-1. In the **Home** screen, select **Devices** in the left pane.
+1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**
-
+1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**
-1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
-
-1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
-
 1. In the **Create profile** window that opens:
-
+   1. Under **Platform**, select **Windows 10 and later**
-   1. Under **Platform**, select **Windows 10 and later**.
+   1. Under **Profile type**, select **Settings catalog**
-
+   1. Select **Create** to close the **Create profile** window
-   1. Under **Profile type**, select **Settings catalog**.
-
-   1. Select **Create** to close the **Create profile** window.
-
 1. The **Create profile** screen will open. In the **Basics** page:
-
+   1. Next to **Name**, enter **Disable Windows Error Reporting (WER)**
-   1. Next to **Name**, enter **Disable Windows Error Reporting (WER)**.
+   1. Next to **Description**, enter a description
-
+   1. Select **Next**
-   1. Next to **Description**, enter a description.
-
-   1. Select **Next**.
-
 1. In the **Configuration settings** page:
-
+   1. Select **Add settings**
-   1. Select **Add settings**.
-
    1. In the **Settings picker** window that opens:
-
+      1. Under **Browse by category**, expand **Administrative Templates**
-      1. Under **Browse by category**, expand **Administrative Templates**.
+      1. Under **Administrative Templates**, scroll down and expand **Windows Components**
-
+      1. Under **Windows Components**, scroll down and select **Windows Error Reporting**. Make sure to only select **Windows Error Reporting** and not to expand it
-      1. Under **Administrative Templates**, scroll down and expand **Windows Components**.
+      1. When the settings for the **Windows Error Reporting** subcategory appear under **Setting name** in the lower pane, select **Disable Windows Error Reporting**, and then select the **X** in the top right corner of the **Settings picker** window to close the window
-
+   1. Change **Disable Windows Error Reporting** from **Disabled** to **Enabled** by selecting the slider next to the option
-      1. Under **Windows Components**, scroll down and select **Windows Error Reporting**. Make sure to only select **Windows Error Reporting** and not to expand it.
+   1. Select **Next**
-
+1. In the **Scope tags** page, configure if necessary and then select **Next**
-      1. When the settings for the **Windows Error Reporting** subcategory appear under **Setting name** in the lower pane, select **Disable Windows Error Reporting**, and then select the **X** in the top right corner of the **Settings picker** window to close the window.
-
-   1. Change **Disable Windows Error Reporting** from **Disabled** to **Enabled** by selecting the slider next to the option.
-
-   1. Select **Next**.
-
-1. In the **Scope tags** page, configure if necessary and then select **Next**.
-
 1. In the **Assignments** page:
-
+   1. Under **Included groups**, select **Add groups**
-   1. Under **Included groups**, select **Add groups**.
-
         > [!NOTE]
-        >
         > Make sure to add the correct groups under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
-
+   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
+   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**
-
+1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**
-   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
-
-1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
 
 ## Additional PDE configurations in Intune
 
 The following PDE configurations can also be configured using Intune:
 
-### Required prerequisites
+### Prerequisites
 
-- [Enable Personal Data Encryption (PDE)](../pde-in-intune/intune-enable-pde.md)
+- [Enable Personal Data Encryption (PDE)](intune-enable-pde.md)
-
+- [Disable Winlogon automatic restart sign-on (ARSO)](intune-disable-arso.md)
-- [Disable Winlogon automatic restart sign-on (ARSO)](../pde-in-intune/intune-disable-arso.md)
 
 ### Security hardening recommendations
 
-- [Disable kernel-mode crash dumps and live dumps](../pde-in-intune/intune-disable-memory-dumps.md)
+- [Disable kernel-mode crash dumps and live dumps](intune-disable-memory-dumps.md)
-
+- [Disable hibernation](intune-disable-hibernation.md)
-- [Disable hibernation](../pde-in-intune/intune-disable-hibernation.md)
+- [Disable allowing users to select when a password is required when resuming from connected standby](intune-disable-password-connected-standby.md)
-
-- [Disable allowing users to select when a password is required when resuming from connected standby](../pde-in-intune/intune-disable-password-connected-standby.md)
 
 ## More information
 
-- [Personal Data Encryption (PDE)](../overview-pde.md)
+- [Personal Data Encryption (PDE)](overview-pde.md)
-- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)
+- [Personal Data Encryption (PDE) FAQ](faq-pde.yml)

windows/security/operating-system-security/data-protection/personal-data-encryption/intune-enable-pde.md

@@ -1,14 +1,7 @@
 ---
 title: Enable Personal Data Encryption (PDE) in Intune
 description: Enable Personal Data Encryption (PDE) in Intune
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
 ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
 ms.date: 03/13/2023
 ---
 
@@ -24,89 +17,54 @@ By default, Personal Data Encryption (PDE) is not enabled on devices. Before PDE
 To enable Personal Data Encryption (PDE) using Intune, follow the below steps:
 
 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-
+1. In the **Home** screen, select **Devices** in the left pane
-1. In the **Home** screen, select **Devices** in the left pane.
+1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**
-
+1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**
-1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
-
-1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
-
 1. In the **Create profile** window that opens:
-
+   1. Under **Platform**, select **Windows 10 and later**
-   1. Under **Platform**, select **Windows 10 and later**.
+   1. Under **Profile type**, select **Templates**
-
+   1. When the templates appears, under **Template name**, select **Custom**
-   1. Under **Profile type**, select **Templates**.
+   1. Select **Create** to close the **Create profile** window
-
-   1. When the templates appears, under **Template name**, select **Custom**.
-
-   1. Select **Create** to close the **Create profile** window.
-
 1. The **Custom** screen will open. In the **Basics** page:
-
+   1. Next to **Name**, enter **Personal Data Encryption**
-   1. Next to **Name**, enter **Personal Data Encryption**.
+   1. Next to **Description**, enter a description
-
+   1. Select **Next**
-   1. Next to **Description**, enter a description.
-
-   1. Select **Next**.
-
 1. In **Configuration settings** page:
-
+   1. Next to **OMA-URI Settings**, select **Add**
-   1. Next to **OMA-URI Settings**, select **Add**.
-
    1. In the **Add Row** window that opens:
-
+     1. Next to **Name**, enter **Personal Data Encryption**
-     1. Next to **Name**, enter **Personal Data Encryption**.
+     1. Next to **Description**, enter a description
-
-     1. Next to **Description**, enter a description.
-
      1. Next to **OMA-URI**, enter in:
-
         **`./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption`**
-
+     1. Next to **Data type**, select **Integer**
-     1. Next to **Data type**, select **Integer**.
+     1. Next to **Value**, enter in **1**
-
+     1. Select **Save** to close the **Add Row** window
-     1. Next to **Value**, enter in **1**.
+   1. Select **Next**
-
-     1. Select **Save** to close the **Add Row** window.
-
-   1. Select **Next**.
-
 1. In the **Assignments** page:
-
+   1. Under **Included groups**, select **Add groups**
-   1. Under **Included groups**, select **Add groups**.
-
         > [!NOTE]
-        >
         > Make sure to add the correct groups under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
-
+   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
+   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**
-
+1. In **Applicability Rules**, configure if necessary and then select **Next**
-   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
+1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**
-
-1. In **Applicability Rules**, configure if necessary and then select **Next**.
-
-1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
 
 ## Additional PDE configurations in Intune
 
 The following PDE configurations can also be configured using Intune:
 
-### Required prerequisites
+### Prerequisites
 
-- [Disable Winlogon automatic restart sign-on (ARSO)](../pde-in-intune/intune-disable-arso.md)
+- [Disable Winlogon automatic restart sign-on (ARSO)](intune-disable-arso.md)
 
 ### Security hardening recommendations
 
-- [Disable kernel-mode crash dumps and live dumps](../pde-in-intune/intune-disable-memory-dumps.md)
+- [Disable kernel-mode crash dumps and live dumps](intune-disable-memory-dumps.md)
-
+- [Disable Windows Error Reporting (WER)/user-mode crash dumps](intune-disable-wer.md)
-- [Disable Windows Error Reporting (WER)/user-mode crash dumps](../pde-in-intune/intune-disable-wer.md)
+- [Disable hibernation](intune-disable-hibernation.md)
-
+- [Disable allowing users to select when a password is required when resuming from connected standby](intune-disable-password-connected-standby.md)
-- [Disable hibernation](../pde-in-intune/intune-disable-hibernation.md)
-
-- [Disable allowing users to select when a password is required when resuming from connected standby](../pde-in-intune/intune-disable-password-connected-standby.md)
 
 ## More information
 
-- [Personal Data Encryption (PDE)](../overview-pde.md)
+- [Personal Data Encryption (PDE)](overview-pde.md)
-- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)
+- [Personal Data Encryption (PDE) FAQ](faq-pde.yml)
-

windows/security/operating-system-security/data-protection/personal-data-encryption/toc.yml

@@ -0,0 +1,19 @@
+items:
+- name: Overview
+  href: index.md
+- name: Configure PDE with Intune
+  href: configure-pde-in-intune.md
+- name: Enable Personal Data Encryption (PDE)
+  href: intune-enable-pde.md
+- name: Disable Winlogon automatic restart sign-on (ARSO) for PDE
+  href: intune-disable-arso.md
+- name: Disable kernel-mode crash dumps and live dumps for PDE
+  href: intune-disable-memory-dumps.md
+- name: Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE
+  href: intune-disable-wer.md
+- name: Disable hibernation for PDE
+  href: intune-disable-hibernation.md
+- name: Disable allowing users to select when a password is required when resuming from connected standby for PDE
+  href: intune-disable-password-connected-standby.md
+- name: PDE frequently asked questions (FAQ)
+  href: faq-pde.yml

windows/security/operating-system-security/data-protection/toc.yml

@@ -76,29 +76,9 @@ items:
           - name: Decode Measured Boot logs to track PCR changes
             href: /troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes
 - name: Encrypted Hard Drive
-  href: ../../information-protection/encrypted-hard-drive.md
+  href: encrypted-hard-drive.md
 - name: Personal Data Encryption (PDE)
-  items:
+  href: personal-data-encryption/toc.yml
-  - name: Personal Data Encryption (PDE) overview
-    href: ../../information-protection/personal-data-encryption/overview-pde.md
-  - name: Personal Data Encryption (PDE) frequently asked questions (FAQ)
-    href: ../../information-protection/personal-data-encryption/faq-pde.yml
-  - name: Configure Personal Data Encryption (PDE) in Intune
-    items:
-    - name: Configure Personal Data Encryption (PDE) in Intune
-      href: ../../information-protection/personal-data-encryption/configure-pde-in-intune.md
-    - name: Enable Personal Data Encryption (PDE)
-      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-enable-pde.md
-    - name: Disable Winlogon automatic restart sign-on (ARSO) for PDE
-      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-arso.md
-    - name: Disable kernel-mode crash dumps and live dumps for PDE
-      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-memory-dumps.md
-    - name: Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE
-      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-wer.md
-    - name: Disable hibernation for PDE
-      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md
-    - name: Disable allowing users to select when a password is required when resuming from connected standby for PDE
-      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md
 - name: Configure S/MIME for Windows
   href: configure-s-mime.md
 - name: Windows Information Protection (WIP)