From 73b01b18865cabff07be3f439905b486d9c9879f Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Fri, 16 Sep 2022 17:14:22 -0400 Subject: [PATCH] Update PDE Docs 13 --- windows/security/encryption-data-protection.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/windows/security/encryption-data-protection.md b/windows/security/encryption-data-protection.md index 1016313d2b..aa3a7da83d 100644 --- a/windows/security/encryption-data-protection.md +++ b/windows/security/encryption-data-protection.md @@ -49,15 +49,16 @@ Windows consistently improves data protection by improving existing options and (*Applies to: Windows 11, version 22H2 and later*) -Personal data encryption (PDE) is a security feature introduced in Windows 11, version 22H2 that provides encryption of individual user files. PDE occurs in addition to other encryption methods such as BitLocker. +Personal data encryption (PDE) is a security feature introduced in Windows 11, version 22H2 that provides encryption of individual files. PDE occurs in addition to other encryption methods such as BitLocker. -PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. This can minimizes the amount of credentials the user has to remember to gain access to files. It is also an alternative to BitLocker + PIN when requiring user authentication before releasing encryption keys and decrypting files. +PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. This feature can minimizes the number of credentials the user has to remember to gain access to files. For example, when using BitLocker with PIN, a user would need to authenticate twice - once with the BitLocker PIN and a second time with Windows credentials. This requires users to remember two different credentials. With PDE, users only need to enter one set of credentials via Windows Hello for Business. -Unlike BitLocker which unlocks data encryption keys at boot, PDE does not release data encryption keys until a user logs via Windows Hello for Business. +PDE is also accessibility friendly. For example, The BitLocker PIN entry screen doesn't have accessibility options. PDE however uses Windows Hello for Business, which does have accessibility features. + +Unlike BitLocker that releases data encryption keys at boot, PDE doesn't release data encryption keys until a user logs in using Windows Hello for Business. Users will only be able to access their PDE encrypted files once they've signed into Windows using Windows Hello for Business. Additionally, PDE has the ability to also discard the encryption keys when the device is locked. > [!NOTE] -> PDE is currently only available to developers via [APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager.md). There is no user interface in Windows or administrative policies that can be pushed to devices to encrypt files via PDE. - +> PDE is currently only available to developers via [APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager.md). There is no user interface in Windows to either enable PDE or encrypt files via PDE. Also, although there is an MDM policy that can enable PDE, there are no MDM policies that can be used to encrypt files via PDE. ## See also