mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 05:17:22 +00:00
updates
This commit is contained in:
parent
d26a39df35
commit
737d85301f
@ -111,12 +111,11 @@ Alternatively, you can configure devices using the [Policy CSP][CSP-1] and [Pers
|
|||||||
|
|
||||||
When Personal Data Encryption is enabled, the user experience is as follows:
|
When Personal Data Encryption is enabled, the user experience is as follows:
|
||||||
|
|
||||||
- If the user is signed in with Windows Hello for Business, the user can access Personal Data Encryption protected content
|
- If the user signs in with Windows Hello, the user can access Personal Data Encryption protected content
|
||||||
- The data protected by Personal Data Encryption is only accessible when the user is signed in with Windows Hello for Business, and can be identified by the padlock icon on the file or folder
|
- The data protected by Personal Data Encryption is only accessible when the user signs in with Windows Hello, and can be identified by the padlock icon on the file or folder
|
||||||
:::image type="content" source="images/pde-protection.png" alt-text="Screenshot of File Explorer with some files protected by Personal Data Encryption, displaying a padlock.":::
|
:::image type="content" source="images/pde-protection.png" alt-text="Screenshot of File Explorer with some files protected by Personal Data Encryption, displaying a padlock." border="false":::
|
||||||
- If the user tries to sign in with a password, a message appears on the sign in screen indicating that the user must sign in with Windows Hello for Business to access Personal Data Encryption protected content
|
- If the user tries to sign in without using Windows Hello, a message appears on the sign in screen indicating that the user must sign in with Windows Hello to access encrypted content
|
||||||
:::image type="content" source="images/pde-sign-in.png" alt-text="Screenshot of the sign in screen. If a user attempts to sign in with a password, a message indicates that the files protected by Personal Data Encryption will be unavailable.":::
|
:::image type="content" source="images/pde-sign-in.png" lightbox="images/pde-sign-in.png" alt-text="Screenshot of the sign in screen. If a user attempts to sign in with a password, a message indicates that the files protected by Personal Data Encryption will be unavailable." border="false":::
|
||||||
|
|
||||||
|
|
||||||
## Disable Personal Data Encryption
|
## Disable Personal Data Encryption
|
||||||
|
|
||||||
|
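Review bot: The reworded sign-in bullet ("If the user tries to sign in without using Windows Hello, a message appears ... to access encrypted content") drops the "Personal Data Encryption protected" qualifier that every other bullet in this hunk keeps, and the alt-text of the sign-in screenshot directly below it still describes a user who "attempts to sign in with a password" while the bullet now covers any non-Windows Hello sign-in; suggest keeping "Personal Data Encryption protected content" in the bullet and aligning the alt-text with the broader wording. The hunk header also shows one line removed (-12 +11) that this rendering does not display; confirm that removal is intentional.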
@ -27,7 +27,7 @@ sections:
|
|||||||
No, it's not supported to access protected content over RDP.
|
No, it's not supported to access protected content over RDP.
|
||||||
- question: Can Personal Data Encryption protected content be accessed via a network share?
|
- question: Can Personal Data Encryption protected content be accessed via a network share?
|
||||||
answer: |
|
answer: |
|
||||||
No, Personal Data Encryption protected content can only be accessed after signing on locally to Windows with Windows Hello for Business credentials.
|
No, Personal Data Encryption protected content can only be accessed after signing on locally to Windows with Windows Hello credentials.
|
||||||
- question: What encryption method and strength does Personal Data Encryption use?
|
- question: What encryption method and strength does Personal Data Encryption use?
|
||||||
answer: |
|
answer: |
|
||||||
Personal Data Encryption uses AES-CBC with a 256-bit key to encrypt content.
|
Personal Data Encryption uses AES-CBC with a 256-bit key to encrypt content.
|
||||||
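Review bot: "after signing on locally to Windows with Windows Hello credentials" uses "signing on" while the rest of this change standardises on "sign in" / "signs in"; suggest "after signing in locally to Windows with Windows Hello" so the FAQ matches the user-experience section.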
@ -36,10 +36,10 @@ sections:
|
|||||||
questions:
|
questions:
|
||||||
- question: What is the relation between Windows Hello for Business and Personal Data Encryption?
|
- question: What is the relation between Windows Hello for Business and Personal Data Encryption?
|
||||||
answer: |
|
answer: |
|
||||||
During user sign-on, Windows Hello for Business unlocks the keys that Personal Data Encryption uses to protect content.
|
During user sign-on, Windows Hello unlocks the keys that Personal Data Encryption uses to protect content.
|
||||||
- question: If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their Personal Data Encryption protected content?
|
- question: If a user signs into Windows with a password instead of Windows Hello, will they be able to access their Personal Data Encryption protected content?
|
||||||
answer: |
|
answer: |
|
||||||
No, the keys used by Personal Data Encryption to protect content are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics.
|
No, the keys used by Personal Data Encryption to encrypt content are protected by Windows Hello credentials and can only be unlocked when signing on with Windows Hello (PIN or biometrics).
|
||||||
- question: Can a file be protected with both Personal Data Encryption and EFS at the same time?
|
- question: Can a file be protected with both Personal Data Encryption and EFS at the same time?
|
||||||
answer: |
|
answer: |
|
||||||
No, Personal Data Encryption and EFS are mutually exclusive.
|
No, Personal Data Encryption and EFS are mutually exclusive.
|
||||||
|
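Review bot: The question "What is the relation between Windows Hello for Business and Personal Data Encryption?" is left unchanged while its answer is reworded to "Windows Hello unlocks the keys", so the question and answer now use different names for the same thing; either rename the question as well or keep "Windows Hello for Business" in the answer. The password answer has the same "signing on with" wording noted in the previous hunk; "signing in with Windows Hello (PIN or biometrics)" would be consistent.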
@ -31,7 +31,7 @@ To use Personal Data Encryption, the following prerequisites must be met:
|
|||||||
- Windows 11, version 22H2 and later
|
- Windows 11, version 22H2 and later
|
||||||
- Personal Data Encryption for known folders is only available on Windows 11, version 24H2 and later
|
- Personal Data Encryption for known folders is only available on Windows 11, version 24H2 and later
|
||||||
- The devices must be [Microsoft Entra joined][ENTRA-1] or [Microsoft Entra hybrid joined][ENTRA-2]. Domain-joined devices aren't supported
|
- The devices must be [Microsoft Entra joined][ENTRA-1] or [Microsoft Entra hybrid joined][ENTRA-2]. Domain-joined devices aren't supported
|
||||||
- Users must sign in using [Windows Hello for Business](../../../identity-protection/hello-for-business/index.md)
|
- Users must sign in using [Windows Hello](../../../identity-protection/hello-for-business/index.md)
|
||||||
|
|
||||||
> [!IMPORTANT]
|
> [!IMPORTANT]
|
||||||
> If you sign in with a password or a [FIDO2 security key][ENTRA-3], you can't access Personal Data Encryption protected content.
|
> If you sign in with a password or a [FIDO2 security key][ENTRA-3], you can't access Personal Data Encryption protected content.
|
||||||
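Review bot: The prerequisite bullet's link text changes to "Windows Hello" but its target is still ../../../identity-protection/hello-for-business/index.md, and the preceding bullet requires Microsoft Entra joined or hybrid joined devices, which is a Windows Hello for Business deployment; renaming the link hides that requirement. Suggest either keeping "Windows Hello for Business" in this bullet or adding a sentence stating which Windows Hello configurations are supported. The IMPORTANT note is unchanged and still correctly calls out password and FIDO2 security key sign-in as unsupported.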
@ -44,37 +44,37 @@ Personal Data Encryption uses *AES-CBC* with a *256-bit key* to protect content
|
|||||||
|
|
||||||
| Item | Level 1 | Level 2 |
|
| Item | Level 1 | Level 2 |
|
||||||
|---|---|---|
|
|---|---|---|
|
||||||
| Protected data accessible when user has signed in via Windows Hello for Business | Yes | Yes |
|
| Protected data accessible when user has signed in via Windows Hello | Yes | Yes |
|
||||||
| Protected data is accessible at Windows lock screen | Yes | Data is accessible for one minute after lock, then it's no longer available |
|
| Protected data is accessible at Windows lock screen | Yes | Data is accessible for one minute after lock, then it's no longer available |
|
||||||
| Protected data is accessible after user signs out of Windows | No | No |
|
| Protected data is accessible after user signs out of Windows | No | No |
|
||||||
| Protected data is accessible when device is shut down | No | No |
|
| Protected data is accessible when device is shut down | No | No |
|
||||||
| Protected data is accessible via UNC paths | No | No |
|
| Protected data is accessible via UNC paths | No | No |
|
||||||
| Protected data is accessible when signing with Windows password instead of Windows Hello for Business | No | No |
|
| Protected data is accessible when signing with Windows password instead of Windows Hello | No | No |
|
||||||
| Protected data is accessible via Remote Desktop session | No | No |
|
| Protected data is accessible via Remote Desktop session | No | No |
|
||||||
| Decryption keys used by Personal Data Encryption discarded | After user signs out of Windows | One minute after Windows lock screen is engaged or after user signs out of Windows |
|
| Decryption keys used by Personal Data Encryption discarded | After user signs out of Windows | One minute after Windows lock screen is engaged or after user signs out of Windows |
|
||||||
|
|
||||||
## Personal Data Encryption protected content accessibility
|
## Personal Data Encryption protected content accessibility
|
||||||
|
|
||||||
When a file is protected with Personal Data Encryption, its icon will show a padlock. If the user hasn't signed in locally with Windows Hello for Business or an unauthorized user attempts to access Personal Data Encryption protected content, they'll be denied access to the content.
|
When a file is protected with Personal Data Encryption, its icon shows a padlock. If the user hasn't signed in locally with Windows Hello, or an unauthorized user attempts to access Personal Data Encryption protected content, they'll be denied access to the content.
|
||||||
|
|
||||||
Scenarios where a user will be denied access to Personal Data Encryption protected content include:
|
Scenarios where a user will be denied access to Personal Data Encryption protected content include:
|
||||||
|
|
||||||
- User has signed into Windows via a password instead of signing in with Windows Hello for Business biometric or PIN
|
- User has signed into Windows via a password instead of signing in with Windows Hello (biometrics or PIN)
|
||||||
- If protected via level 2 protection, when the device is locked
|
- If protected via level 2 protection, when the device is locked
|
||||||
- When trying to access content on the device remotely. For example, UNC network paths
|
- When trying to access content on the device remotely. For example, UNC network paths
|
||||||
- Remote Desktop sessions
|
- Remote Desktop sessions
|
||||||
- Other users on the device who aren't owners of the content, even if they're signed in via Windows Hello for Business and have permissions to navigate to the Personal Data Encryption protected content
|
- Other users on the device who aren't owners of the content, even if they're signed in via Windows Hello and have permissions to navigate to the Personal Data Encryption protected content
|
||||||
|
|
||||||
## Differences between Personal Data Encryption and BitLocker
|
## Differences between Personal Data Encryption and BitLocker
|
||||||
|
|
||||||
Personal Data Encryption is meant to work alongside BitLocker. Personal Data Encryption isn't a replacement for BitLocker, nor is BitLocker a replacement for Personal Data Encryption. Using both features together provides better security than using either BitLocker or Personal Data Encryption alone. However there are differences between BitLocker and Personal Data Encryption and how they work. These differences are why using them together offers better security.
|
Personal Data Encryption is meant to work alongside BitLocker. Personal Data Encryption isn't a replacement for BitLocker, nor is BitLocker a replacement for Personal Data Encryption. Using both features together provides better security than using either BitLocker or Personal Data Encryption alone. However there are differences between BitLocker and Personal Data Encryption and how they work. These differences are why using them together offers better security.
|
||||||
|
|
||||||
| Item | Personal Data Encryption | BitLocker |
|
|| Personal Data Encryption | BitLocker |
|
||||||
|--|--|--|
|
|--|--|--|
|
||||||
| Release of decryption key | At user sign-in via Windows Hello for Business | At boot |
|
| **Release of decryption key**| At user sign-in via Windows Hello | At boot |
|
||||||
| Decryption keys discarded | When user signs out of Windows or one minute after Windows lock screen is engaged | At shutdown |
|
| **Decryption keys discarded**| When user signs out of Windows or one minute after Windows lock screen is engaged | At shutdown |
|
||||||
| Protected content | All files in protected folders | Entire volume/drive |
|
| **Protected content**| All files in protected folders | Entire volume/drive |
|
||||||
| Authentication to access protected content | Windows Hello for Business | When BitLocker with TPM + PIN is enabled, BitLocker PIN plus Windows sign-in |
|
| **Authentication to access protected content**| Windows Hello for Business | When BitLocker with TPM + PIN is enabled, BitLocker PIN plus Windows sign-in |
|
||||||
|
|
||||||
## Differences between Personal Data Encryption and EFS
|
## Differences between Personal Data Encryption and EFS
|
||||||
|
|
||||||
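Review bot: The BitLocker comparison table becomes internally inconsistent: the "Release of decryption key" row is changed to "Windows Hello" but the "Authentication to access protected content" row still says "Windows Hello for Business"; update that row to match. Two smaller points in the same hunk: the new header row `|| Personal Data Encryption | BitLocker |` drops the "Item" label and leaves an empty first header cell, which renders but differs from the level 1/level 2 table above that keeps "Item", and the level table row "accessible when signing with Windows password instead of Windows Hello" is missing "in" ("signing in with") in both the old and new lines.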
@ -99,7 +99,7 @@ The following are recommendations for using Personal Data Encryption:
|
|||||||
- Enable [BitLocker Drive Encryption](../bitlocker/index.md). Although Personal Data Encryption works without BitLocker, it's recommended to enable BitLocker. Personal Data Encryption is meant to work alongside BitLocker for increased security at it isn't a replacement for BitLocker
|
- Enable [BitLocker Drive Encryption](../bitlocker/index.md). Although Personal Data Encryption works without BitLocker, it's recommended to enable BitLocker. Personal Data Encryption is meant to work alongside BitLocker for increased security at it isn't a replacement for BitLocker
|
||||||
- Backup solution such as [OneDrive in Microsoft 365](/sharepoint/onedrive-overview). In certain scenarios, such as TPM resets or destructive PIN resets, the keys used by Personal Data Encryption to protect content will be lost making any protected content inaccessible. The only way to recover such content is from a backup. If the files are synced to OneDrive, to regain access you must re-sync OneDrive
|
- Backup solution such as [OneDrive in Microsoft 365](/sharepoint/onedrive-overview). In certain scenarios, such as TPM resets or destructive PIN resets, the keys used by Personal Data Encryption to protect content will be lost making any protected content inaccessible. The only way to recover such content is from a backup. If the files are synced to OneDrive, to regain access you must re-sync OneDrive
|
||||||
- [Windows Hello for Business PIN reset service](../../../identity-protection/hello-for-business/hello-feature-pin-reset.md). Destructive PIN resets will cause keys used by Personal Data Encryption to protect content to be lost, making any content protected with Personal Data Encryption inaccessible. After a destructive PIN reset, content protected with Personal Data Encryption must be recovered from a backup. For this reason, Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets
|
- [Windows Hello for Business PIN reset service](../../../identity-protection/hello-for-business/hello-feature-pin-reset.md). Destructive PIN resets will cause keys used by Personal Data Encryption to protect content to be lost, making any content protected with Personal Data Encryption inaccessible. After a destructive PIN reset, content protected with Personal Data Encryption must be recovered from a backup. For this reason, Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets
|
||||||
- [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security) offers additional security when authenticating with Windows Hello for Business via biometrics or PIN
|
- [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security) offers additional security when authenticating with Windows Hello via biometrics or PIN
|
||||||
|
|
||||||
## Next steps
|
## Next steps
|
||||||
|
|
||||||
|
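Review bot: The BitLocker recommendation in this hunk's context carries an existing typo that is not fixed: "for increased security at it isn't a replacement for BitLocker" should read "and it isn't a replacement for BitLocker"; since the surrounding bullets are being edited, fix it here. The PIN reset bullet keeps "Windows Hello for Business PIN reset service", which is correct as the service name, while the Enhanced Sign-in Security bullet now says "authenticating with Windows Hello"; confirm that the difference is intentional.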