diff --git a/education/windows/index.yml b/education/windows/index.yml
index a78beaa537..0c159bd537 100644
--- a/education/windows/index.yml
+++ b/education/windows/index.yml
@@ -15,7 +15,7 @@ metadata:
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
- ms.date: 08/07/2023
+ ms.date: 10/30/2023
highlightedContent:
items:
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/operating-system-security/data-protection/bitlocker/bcd-settings-and-bitlocker.md
index 2335f02514..22f80cb481 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/bcd-settings-and-bitlocker.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bcd-settings-and-bitlocker.md
@@ -2,7 +2,7 @@
title: BCD settings and BitLocker
description: Learn how BCD settings are used by BitLocker.
ms.topic: reference
-ms.date: 09/29/2023
+ms.date: 10/30/2023
---
# Boot Configuration Data settings and BitLocker
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/configure.md b/windows/security/operating-system-security/data-protection/bitlocker/configure.md
index 5168b6c2db..cfd538b1f4 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/configure.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/configure.md
@@ -2,7 +2,7 @@
title: Configure BitLocker
description: Learn about the available options to configure BitLocker and how to configure them via Configuration Service Providers (CSP) or group policy (GPO).
ms.topic: how-to
-ms.date: 10/03/2023
+ms.date: 10/30/2023
---
# Configure BitLocker
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md b/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md
index d357920335..ceb306dc15 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md
@@ -2,7 +2,7 @@
title: BitLocker countermeasures
description: Learn about technologies and features to protect against attacks on the BitLocker encryption key.
ms.topic: concept-article
-ms.date: 10/05/2023
+ms.date: 10/30/2023
---
# BitLocker countermeasures
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/csv-san.md b/windows/security/operating-system-security/data-protection/bitlocker/csv-san.md
index 54673ebcbb..ecc9f64823 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/csv-san.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/csv-san.md
@@ -2,7 +2,7 @@
title: Protect cluster shared volumes and storage area networks with BitLocker
description: Learn how to how to protect cluster shared volumes (CSV) and storage area networks (SAN) with BitLocker.
ms.topic: how-to
-ms.date: 10/05/2023
+ms.date: 10/30/2023
appliesto:
- ✅ Windows Server 2022
- ✅ Windows Server 2019
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/faq.yml b/windows/security/operating-system-security/data-protection/bitlocker/faq.yml
index 0c52764f97..597916975d 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/faq.yml
+++ b/windows/security/operating-system-security/data-protection/bitlocker/faq.yml
@@ -5,7 +5,7 @@ metadata:
ms.collection:
- tier1
ms.topic: faq
- ms.date: 10/18/2023
+ ms.date: 10/30/2023
title: BitLocker FAQ
summary: Learn more about BitLocker by reviewing the frequently asked questions.
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-devices-compliant-with-instantgo-or-hsti-to-opt-out-of-pre-boot-pin.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-devices-compliant-with-instantgo-or-hsti-to-opt-out-of-pre-boot-pin.md
index 750e3d4166..65ea306074 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-devices-compliant-with-instantgo-or-hsti-to-opt-out-of-pre-boot-pin.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-devices-compliant-with-instantgo-or-hsti-to-opt-out-of-pre-boot-pin.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-enhanced-pins-for-startup.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-enhanced-pins-for-startup.md
index 8a731738b3..ebae01aa25 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-enhanced-pins-for-startup.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-enhanced-pins-for-startup.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-network-unlock-at-startup.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-network-unlock-at-startup.md
index 436b2dd8a3..e85b3205d4 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-network-unlock-at-startup.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-network-unlock-at-startup.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-secure-boot-for-integrity-validation.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-secure-boot-for-integrity-validation.md
index 2c5b5c10cb..9d453b576a 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-secure-boot-for-integrity-validation.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-secure-boot-for-integrity-validation.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-standard-user-encryption.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-standard-user-encryption.md
index b2253c66e6..4ee204fa87 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-standard-user-encryption.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-standard-user-encryption.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-warning-for-other-disk-encryption.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-warning-for-other-disk-encryption.md
index 71c61e51a1..4463d21b87 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-warning-for-other-disk-encryption.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-warning-for-other-disk-encryption.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-default-folder-for-recovery-password.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-default-folder-for-recovery-password.md
index f06941e7ef..5a19c8397b 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-default-folder-for-recovery-password.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-default-folder-for-recovery-password.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-drive-encryption-method-and-cipher-strength.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-drive-encryption-method-and-cipher-strength.md
index de6e210401..fdda90d046 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-drive-encryption-method-and-cipher-strength.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-drive-encryption-method-and-cipher-strength.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 10/05/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-how-bitlocker-protected-fixed-drives-can-be-recovered.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-how-bitlocker-protected-fixed-drives-can-be-recovered.md
index 56c3e2ebb5..7b7748c000 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-how-bitlocker-protected-fixed-drives-can-be-recovered.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-how-bitlocker-protected-fixed-drives-can-be-recovered.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-how-bitlocker-protected-operating-system-drives-can-be-recovered.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-how-bitlocker-protected-operating-system-drives-can-be-recovered.md
index 063ea6537f..14029cf6de 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-how-bitlocker-protected-operating-system-drives-can-be-recovered.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-how-bitlocker-protected-operating-system-drives-can-be-recovered.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-how-bitlocker-protected-removable-drives-can-be-recovered.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-how-bitlocker-protected-removable-drives-can-be-recovered.md
index b1c1e7568b..d9973fdef2 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-how-bitlocker-protected-removable-drives-can-be-recovered.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-how-bitlocker-protected-removable-drives-can-be-recovered.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-minimum-pin-length-for-startup.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-minimum-pin-length-for-startup.md
index 36c55c753d..a3c2beba7f 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-minimum-pin-length-for-startup.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-minimum-pin-length-for-startup.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-pre-boot-recovery-message-and-url.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-pre-boot-recovery-message-and-url.md
index 38a095a131..5f707ebe9b 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-pre-boot-recovery-message-and-url.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-pre-boot-recovery-message-and-url.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-recovery-password-rotation.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-recovery-password-rotation.md
index d06d3ce67b..0c01ec789f 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-recovery-password-rotation.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-recovery-password-rotation.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-tpm-platform-validation-profile-for-bios-based-firmware-configurations.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-tpm-platform-validation-profile-for-bios-based-firmware-configurations.md
index 9d9116e434..19a483e265 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-tpm-platform-validation-profile-for-bios-based-firmware-configurations.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-tpm-platform-validation-profile-for-bios-based-firmware-configurations.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-tpm-platform-validation-profile-for-native-uefi-firmware-configurations.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-tpm-platform-validation-profile-for-native-uefi-firmware-configurations.md
index 866fd9c392..b68c87148d 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-tpm-platform-validation-profile-for-native-uefi-firmware-configurations.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-tpm-platform-validation-profile-for-native-uefi-firmware-configurations.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-hardware-based-encryption-for-fixed-data-drives.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-hardware-based-encryption-for-fixed-data-drives.md
index 1bc81f6fb3..6c6a082d01 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-hardware-based-encryption-for-fixed-data-drives.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-hardware-based-encryption-for-fixed-data-drives.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-hardware-based-encryption-for-operating-system-drives.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-hardware-based-encryption-for-operating-system-drives.md
index 3953f2ea74..20553a6063 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-hardware-based-encryption-for-operating-system-drives.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-hardware-based-encryption-for-operating-system-drives.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-hardware-based-encryption-for-removable-data-drives.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-hardware-based-encryption-for-removable-data-drives.md
index f5bdae7129..21ebc8d5b5 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-hardware-based-encryption-for-removable-data-drives.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-hardware-based-encryption-for-removable-data-drives.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-passwords-for-fixed-data-drives.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-passwords-for-fixed-data-drives.md
index 23994ddf50..db3025e06b 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-passwords-for-fixed-data-drives.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-passwords-for-fixed-data-drives.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-passwords-for-operating-system-drives.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-passwords-for-operating-system-drives.md
index 710f513743..96c2b559db 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-passwords-for-operating-system-drives.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-passwords-for-operating-system-drives.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-passwords-for-removable-data-drives.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-passwords-for-removable-data-drives.md
index 43332a883d..336f1e1f59 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-passwords-for-removable-data-drives.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-passwords-for-removable-data-drives.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-smart-cards-on-fixed-data-drives.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-smart-cards-on-fixed-data-drives.md
index 9b2bf646b8..272d4f036f 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-smart-cards-on-fixed-data-drives.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-smart-cards-on-fixed-data-drives.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-smart-cards-on-removable-data-drives.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-smart-cards-on-removable-data-drives.md
index e0df4db06e..420074ca92 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-smart-cards-on-removable-data-drives.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-use-of-smart-cards-on-removable-data-drives.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/control-use-of-bitlocker-on-removable-drives.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/control-use-of-bitlocker-on-removable-drives.md
index 8087881724..6900ca9c2d 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/control-use-of-bitlocker-on-removable-drives.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/control-use-of-bitlocker-on-removable-drives.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/deny-write-access-to-fixed-drives-not-protected-by-bitlocker.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/deny-write-access-to-fixed-drives-not-protected-by-bitlocker.md
index 06e7b3df23..3589ed946a 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/deny-write-access-to-fixed-drives-not-protected-by-bitlocker.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/deny-write-access-to-fixed-drives-not-protected-by-bitlocker.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/deny-write-access-to-removable-drives-not-protected-by-bitlocker.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/deny-write-access-to-removable-drives-not-protected-by-bitlocker.md
index b39615a413..510a31f0d3 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/deny-write-access-to-removable-drives-not-protected-by-bitlocker.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/deny-write-access-to-removable-drives-not-protected-by-bitlocker.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/disable-new-dma-devices-when-this-computer-is-locked.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/disable-new-dma-devices-when-this-computer-is-locked.md
index 51f73ae6cc..cb3456daea 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/disable-new-dma-devices-when-this-computer-is-locked.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/disable-new-dma-devices-when-this-computer-is-locked.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/disallow-standard-users-from-changing-the-pin-or-password.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/disallow-standard-users-from-changing-the-pin-or-password.md
index 0dbe94bba1..320c46d3de 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/disallow-standard-users-from-changing-the-pin-or-password.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/disallow-standard-users-from-changing-the-pin-or-password.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/enable-use-of-bitlocker-authentication-requiring-preboot-keyboard-input-on-slates.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/enable-use-of-bitlocker-authentication-requiring-preboot-keyboard-input-on-slates.md
index f71d5f5ab3..8f66e27ff7 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/enable-use-of-bitlocker-authentication-requiring-preboot-keyboard-input-on-slates.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/enable-use-of-bitlocker-authentication-requiring-preboot-keyboard-input-on-slates.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/enforce-drive-encryption-type-on-fixed-data-drives.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/enforce-drive-encryption-type-on-fixed-data-drives.md
index a0fd33cfe4..ebbb59b261 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/enforce-drive-encryption-type-on-fixed-data-drives.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/enforce-drive-encryption-type-on-fixed-data-drives.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/enforce-drive-encryption-type-on-operating-system-drives.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/enforce-drive-encryption-type-on-operating-system-drives.md
index fbc1d4ae09..9a4c336ee3 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/enforce-drive-encryption-type-on-operating-system-drives.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/enforce-drive-encryption-type-on-operating-system-drives.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/enforce-drive-encryption-type-on-removable-data-drives.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/enforce-drive-encryption-type-on-removable-data-drives.md
index ce1e9ca083..abf2f0dca0 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/enforce-drive-encryption-type-on-removable-data-drives.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/enforce-drive-encryption-type-on-removable-data-drives.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/prevent-memory-overwrite-on-restart.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/prevent-memory-overwrite-on-restart.md
index d3e72a7566..0437a528d0 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/prevent-memory-overwrite-on-restart.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/prevent-memory-overwrite-on-restart.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/provide-the-unique-identifiers-for-your-organization.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/provide-the-unique-identifiers-for-your-organization.md
index 37d68a6642..5612741246 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/provide-the-unique-identifiers-for-your-organization.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/provide-the-unique-identifiers-for-your-organization.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/removable-drives-excluded-from-encryption.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/removable-drives-excluded-from-encryption.md
index 273a437ddb..133e810d41 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/removable-drives-excluded-from-encryption.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/removable-drives-excluded-from-encryption.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/require-additional-authentication-at-startup.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/require-additional-authentication-at-startup.md
index d49bda6ab3..0f76f34ddf 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/require-additional-authentication-at-startup.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/require-additional-authentication-at-startup.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/require-device-encryption.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/require-device-encryption.md
index 79b10d6569..c80d17f8b9 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/require-device-encryption.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/require-device-encryption.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/reset-platform-validation-data-after-bitlocker-recovery.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/reset-platform-validation-data-after-bitlocker-recovery.md
index 265f5f010e..b6ee8365c6 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/reset-platform-validation-data-after-bitlocker-recovery.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/reset-platform-validation-data-after-bitlocker-recovery.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/use-enhanced-boot-configuration-data-validation-profile.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/use-enhanced-boot-configuration-data-validation-profile.md
index 87e124a3ab..1b6e50649e 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/use-enhanced-boot-configuration-data-validation-profile.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/use-enhanced-boot-configuration-data-validation-profile.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/validate-smart-card-certificate-usage-rule-compliance.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/validate-smart-card-certificate-usage-rule-compliance.md
index 866dcdaba2..d74b1ca073 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/includes/validate-smart-card-certificate-usage-rule-compliance.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/validate-smart-card-certificate-usage-rule-compliance.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/24/2023
+ms.date: 10/30/2023
ms.topic: include
---
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/index.md b/windows/security/operating-system-security/data-protection/bitlocker/index.md
index 8f22603617..7baa705813 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/index.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/index.md
@@ -5,7 +5,7 @@ ms.collection:
- highpri
- tier1
ms.topic: overview
-ms.date: 09/25/2023
+ms.date: 10/30/2023
---
# BitLocker overview
@@ -133,6 +133,8 @@ It's recommended to keep device encryption on for any systems that support it. H
|-|-|-|-|
| `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker`| `PreventDeviceEncryption`|REG_DWORD|0x1|
+For more information about device encryption, see [BitLocker device encryption hardware requirements](/windows-hardware/design/device-experiences/oem-bitlocker#bitlocker-automatic-device-encryption).
+
## Next steps
> [!div class="nextstepaction"]
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/install-server.md b/windows/security/operating-system-security/data-protection/bitlocker/install-server.md
index 2148c9e0a2..c79ab3d0aa 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/install-server.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/install-server.md
@@ -2,7 +2,7 @@
title: Install BitLocker on Windows Server
description: Learn how to install BitLocker on Windows Server.
ms.topic: how-to
-ms.date: 10/05/2023
+ms.date: 10/30/2023
appliesto:
- ✅ Windows Server 2022
- ✅ Windows Server 2019
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md b/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md
index 3c38d5e1f6..fb7df08895 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md
@@ -2,7 +2,7 @@
title: Network Unlock
description: Learn how BitLocker Network Unlock works and how to configure it.
ms.topic: how-to
-ms.date: 10/17/2023
+ms.date: 10/30/2023
---
# Network Unlock
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md
index 7dd334b9fb..31d79ef163 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md
@@ -4,7 +4,7 @@ description: Learn how to use different tools to manage and operate BitLocker.
ms.collection:
- tier1
ms.topic: how-to
-ms.date: 10/18/2023
+ms.date: 10/30/2023
---
# BitLocker operations guide
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/planning-guide.md b/windows/security/operating-system-security/data-protection/bitlocker/planning-guide.md
index 2ac2e138c9..0a4e115a34 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/planning-guide.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/planning-guide.md
@@ -2,7 +2,7 @@
title: BitLocker planning guide
description: Learn how to plan for a BitLocker deployment in your organization.
ms.topic: concept-article
-ms.date: 10/06/2023
+ms.date: 10/30/2023
---
# BitLocker planning guide
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md b/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md
index ec0e96e988..e694a95993 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md
@@ -5,7 +5,7 @@ ms.collection:
- highpri
- tier1
ms.topic: concept-article
-ms.date: 10/19/2023
+ms.date: 10/30/2023
---
# BitLocker preboot recovery screen
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/recovery-guide.md b/windows/security/operating-system-security/data-protection/bitlocker/recovery-guide.md
index 04528f8eb5..4ab63d31f1 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/recovery-guide.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/recovery-guide.md
@@ -5,18 +5,18 @@ ms.collection:
- highpri
- tier1
ms.topic: how-to
-ms.date: 09/29/2023
+ms.date: 10/30/2023
---
# BitLocker recovery overview
BitLocker recovery is the process by which access to a BitLocker-protected drive can be restored if the drive doesn't unlock using its default unlock mechanism.
-In a recovery scenario, the following options to restore access to the drive may be available:
+In a recovery scenario, the following options to restore access to the drive may be available, depending on the configured policy settings:
:::row:::
:::column span="2":::
- **Recovery password**: a 48-digit number used to unlock a volume when it is in recovery mode. The recovery password may be saved as a text file, printed or stored in Microsoft Entra ID or Active Directory. The user can supply a *recovery password*, if available. A recovery password must be allowed by policy settings, so that users can print or save it.
+ - **Recovery password**: a 48-digit number used to unlock a volume when it is in recovery mode. The recovery password may be saved as a text file, printed or stored in Microsoft Entra ID or Active Directory. The user can supply a recovery password, if available.
:::column-end:::
:::column span="2":::
:::image type="content" source="images/preboot-recovery.png" alt-text="Screenshot of the default BitLocker recovery screen asking enter the recovery password." lightbox="images/preboot-recovery.png" border="false":::
@@ -24,7 +24,7 @@ In a recovery scenario, the following options to restore access to the drive may
:::row-end:::
:::row:::
:::column span="2":::
- **Recovery key**: an encryption key stored on removable media that can be used for recovering data encrypted on a BitLocker volume. The file name has a format of .bek. For the OS drive, the recovery key can be used to gain access to the device if BitLocker detects a condition that prevents it from unlocking the drive when the device is starting up. A recovery key can also be used to gain access to fixed data drives and removable drives that are encrypted with BitLocker, if for some reason the password is forgotten or the device can't access the drive.
+ - **Recovery key**: an encryption key stored on removable media that can be used for recovering data encrypted on a BitLocker volume. The file name has a format of .bek. For the OS drive, the recovery key can be used to gain access to the device if BitLocker detects a condition that prevents it from unlocking the drive when the device is starting up. A recovery key can also be used to gain access to fixed data drives and removable drives that are encrypted with BitLocker, if for some reason the password is forgotten or the device can't access the drive.
:::column-end:::
:::column span="2":::
:::image type="content" source="images/preboot-recovery-key.png" alt-text="Screenshot of the BitLocker recovery screen asking to plug a USB drive with the recovery key." lightbox="images/preboot-recovery-key.png" border="false":::
@@ -32,12 +32,12 @@ In a recovery scenario, the following options to restore access to the drive may
:::row-end:::
:::row:::
:::column span="4":::
- **Key package**: decryption key that can be used with the BitLocker Repair tool to reconstruct critical parts of a drive and salvage recoverable data. With the key package and either the *recovery password* or *recovery key*, portions of a corrupted BitLocker-protected drive can be decrypted. Each key package works only for a drive that has the corresponding drive identifier. A key package is not generated automatically, and can be saved on a file or in AD DS.
+ - **Key package**: decryption key that can be used with the BitLocker Repair tool to reconstruct critical parts of a drive and salvage recoverable data. With the key package and either the *recovery password* or *recovery key*, portions of a corrupted BitLocker-protected drive can be decrypted. Each key package works only for a drive that has the corresponding drive identifier. A key package is not generated automatically, and can be saved on a file or in AD DS.
:::column-end:::
:::row-end:::
:::row:::
:::column span="4":::
- **Data Recovery Agent certificate**: a Data Recovery Agent (DRA) is a type of certificate that is associated with an Active Directory security principal and that can be used to access any BitLocker encrypted drives configured with the matching public key. DRAs can use their credentials to unlock the drive. If the drive is an OS drive, the drive must be mounted as a data drive on another device for the DRA to unlock it.
+ - **Data Recovery Agent certificate**: a Data Recovery Agent (DRA) is a type of certificate that is associated with an Active Directory security principal and that can be used to access any BitLocker encrypted drives configured with the matching public key. DRAs can use their credentials to unlock the drive. If the drive is an OS drive, the drive must be mounted as a data drive on another device for the DRA to unlock it.
:::column-end:::
:::row-end:::
@@ -45,40 +45,36 @@ In a recovery scenario, the following options to restore access to the drive may
The following list provides some examples of common events that causes BitLocker to enter recovery mode when attempting to start the operating system:
-- Changing the BIOS or firmware boot device order (on devices with TPM 1.2)
-- Having the CD or DVD drive before the hard drive in the BIOS boot order and then inserting or removing a CD or DVD
-- Docking or undocking a portable computer
-- Losing the USB drive that contains the *startup key*
-- Changes to the NTFS partition table on the disk
- Entering the wrong PIN too many times
- Turning off the support for reading the USB device in the pre-boot environment from the BIOS or UEFI firmware if using USB-based keys instead of a TPM
+- Having the CD or DVD drive before the hard drive in the BIOS boot order (common with virtual machines)
+- Docking or undocking a portable computer
+- Changes to the NTFS partition table on the disk
+- Changes to the boot manager
- Turning off, disabling, deactivating, or clearing the TPM
+- TPM self-test failure
+- Upgrading the motherboard to a new one with a new TPM
- Upgrading critical early startup components, such as a BIOS or UEFI firmware upgrade
-- Removing, inserting, or completely depleting the charge on a smart battery on a portable computer
-- Changes to the boot manager on the disk
- Hiding the TPM from the operating system
- Modifying the Platform Configuration Registers (PCRs) used by the TPM validation profile
-- Moving the BitLocker-protected drive into a new computer
-- Upgrading the motherboard to a new one with a new TPM
-- Failing the TPM self-test
+- Moving a BitLocker-protected drive into a new computer
+- On devices with TPM 1.2, changing the BIOS or firmware boot device order
-Before beginning recovery, it's recommend to determine what caused recovery. This might help to prevent the problem from occurring again in the future. For instance, if it is determined that an attacker has modified the computer by obtaining physical access, new security policies can be created for tracking who has physical presence. After the recovery password has been used to recover access to the device, BitLocker reseals the encryption key to the current values of the measured components.
+Before beginning recovery, it's recommend to determine *what* caused recovery. This might help to prevent the problem from occurring again in the future. For instance, if it is determined that an attacker has modified the computer by obtaining physical access, new security policies can be created for tracking who has physical presence. After the recovery password has been used to recover access to the device, BitLocker reseals the encryption key to the current values of the measured components.
For planned scenarios, such as a known hardware or firmware upgrades, initiating recovery can be avoided by temporarily suspending BitLocker protection. Because suspending BitLocker leaves the drive fully encrypted, the administrator can quickly resume BitLocker protection after the planned task has been completed. Using suspend and resume also reseals the encryption key without requiring the entry of the recovery key.
> [!NOTE]
> If suspended, BitLocker automatically resumes protection when the device is rebooted, unless a reboot count is specified using PowerShell or the `manage-bde.exe` command line tool. For more information about suspending BitLocker, review the [BitLocker operations guide](operations-guide.md#suspend-and-resume).
-If software maintenance requires the computer to be restarted and two-factor authentication is used, the BitLocker [Network Unlock](network-unlock.md) feature can be enabled to provide the secondary authentication factor when the computers don't have a user to provide the additional authentication method.
-
> [!TIP]
> Recovery is described within the context of unplanned or undesired behavior. However, recovery can also be caused as an intended production scenario, for example in order to manage access control. When devices are redeployed to other departments or employees in the organization, BitLocker can be forced into recovery before the device is delivered to a new user.
-## Plan for BitLocker recovery
+## BitLocker password recovery storage options
When planning the BitLocker recovery process, first consult the organization's current best practices for recovering sensitive information. For example:
-| :ballot_box_with_check: | **Question** |
+| :ballot_box_with_check: | Question |
|--|--|
| :black_square_button: | *How does the organization handle lost Windows passwords?* |
| :black_square_button: | *How does the organization perform smart card PIN resets?* |
@@ -86,19 +82,25 @@ When planning the BitLocker recovery process, first consult the organization's c
Answering the questions helps to determine the best BitLocker recovery process for the organization, and to configure BitLocker policy settings accordingly. For example, if the organization has a process for resetting passwords, a similar process can be used for BitLocker recovery. If users aren't allowed to save or retrieve recovery information, the organization can use a data recovery agents (DRAs) or automatically back up recovery information to Microsoft Entra ID or Active Directory Domain Services (AD DS).
-After a BitLocker recovery has been initiated, users can use a recovery password to unlock access to encrypted data. Consider both self-recovery and recovery password retrieval methods for the organization.
+After a BitLocker recovery is initiated, users can use a recovery password to unlock access to encrypted data. Consider both self-recovery and recovery password retrieval methods for the organization.
-### User-initaited backup
+In order to recover BitLocker, a user must have access to the recovery password. The BitLocker recovery password is unique to the device it was created on, and can be saved in different ways. Depending on the configured policy settings, the recovery password can be:
-In order to recover BitLocker, you need to have access to the recovery password. This means that all recovery scenarios start with the assumption that the recovery password is available. The BitLocker recovery password is unique to the computer it was created on and can be saved in various ways, such as on paper, on a USB startup device, in the Active Directory directory service, or in a file on a network. However, having access to this key allows the holder to unlock a BitLocker-protected volume and access all of its data. Therefore, it is crucial for your organization to establish procedures to control access to recovery passwords and ensure that they are stored securely, separate from the computers they protect.
+- saved in Microsoft Entra ID, for Microsoft Entra joined and Microsoft Entra hybrid joined devices
+- saved in AD DS, for devices that are joined to Active Directory
+- saved on text file
+- printed
-#### OneDrive option
+Having access to this key allows the holder to unlock a BitLocker-protected volume and access all of its data. Therefore, it's crucial for your organization to establish procedures to control access to recovery passwords and ensure that they are stored securely, separate from the computers they protect.
-There's an option for storing the BitLocker recovery key using OneDrive. This option requires that computers aren't members of a domain and that the user is using a Microsoft Account. Local user accounts don't have the option to use OneDrive. Using the OneDrive option is the default recommended recovery key storage method for computers that aren't joined to a domain.
+> [!NOTE]
+> There's an option for storing the BitLocker recovery key in a user's Microsoft account. This option is available for devices that aren't members of a domain and that the user is using a Microsoft account. Storing the recovery password in a Microsoft account is the default recommended recovery key storage method for devices that aren't Microsoft Entra joined or Active Directory joined.
-Users can verify whether the recovery key is saved properly by checking OneDrive for the *BitLocker* folder, which is created automatically during the save process. The folder contains two files, a `readme.txt` and the recovery key. For users storing more than one recovery password on their OneDrive, they can identify the required recovery key by looking at the file name. The recovery key ID is appended to the end of the file name.
+Backup of the recovery password can be configured **before** BitLocker is enabled. The following policy settings define the recovery methods that can be used to restore access to a BitLocker-protected drive if an authentication method fails or is unable to be used:
-## Centralized backup
+- [Choose how BitLocker-protected operating system drives can be recovered](configure.md?tabs=os#choose-how-bitlocker-protected-operating-system-drives-can-be-recovered)
+- [Choose how BitLocker-protected fixed drives can be recovered](configure.md?tabs=fixed#choose-how-bitlocker-protected-fixed-drives-can-be-recovered)
+- [Choose how BitLocker-protected removable drives can be recovered](configure.md?tabs=removable#choose-how-bitlocker-protected-removable-drives-can-be-recovered)
The preferred backup methodology in an organization is to automatically store BitLocker recovery information in a central location. Depending on the organization's requirements, the recovery information can be stored in Microsoft Entra ID, AD DS, or file shares.
@@ -107,15 +109,11 @@ The recommendation is to use the following BitLocker backup methods:
- For Microsoft Entra joined devices, store the recovery key in Microsoft Entra ID
- For Active Directory joined devices, store the recovery key in AD DS
-Backup of the recovery password doesn't happen automatically, but policy settings can be configured **before** BitLocker is enabled. The following policy settings define the recovery methods that can be used to restore access to a BitLocker-protected drive if an authentication method fails or is unable to be used.
-
-- [Choose how BitLocker-protected operating system drives can be recovered](configure.md?tabs=os#choose-how-bitlocker-protected-operating-system-drives-can-be-recovered)
-- [Choose how BitLocker-protected fixed drives can be recovered](configure.md?tabs=fixed#choose-how-bitlocker-protected-fixed-drives-can-be-recovered)
-- [Choose how BitLocker-protected removable drives can be recovered](configure.md?tabs=removable#choose-how-bitlocker-protected-removable-drives-can-be-recovered)
-
> [!IMPORTANT]
> The *BitLocker key package* can be stored in Active Directory Domain Services (AD DS), not in Microsoft Entra ID.
+## BitLocker password retrieval methods
+
### Microsoft Entra ID
### Active Directory
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md b/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md
index 58e023bf22..afc3e8083b 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md
@@ -5,7 +5,7 @@ ms.collection:
- highpri
- tier1
ms.topic: how-to
-ms.date: 09/29/2023
+ms.date: 10/30/2023
---
# BitLocker recovery process