deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-07-03 03:03:43 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #7073 from MicrosoftDocs/4281-PersonalDataEncryption

Browse Source 
CSP - personal data encryption
This commit is contained in:
Stephanie Savell
2022-09-12 10:09:24 -05:00
committed by GitHub
parent 955a91b00a 0a08f1c81f
commit 8a47abb634
3 changed files with 179 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
windows/client-management/mdm/personaldataencryption-csp.md Normal file
View File

@ -0,0 +1,47 @@
---
title: PersonalDataEncryption CSP
description: Learn how the PersonalDataEncryption configuration service provider (CSP) is used by the enterprise to protect data confidentiality of PCs and devices.
ms.author: v-nsatapathy
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nimishasatapathy
ms.localizationpriority: medium
ms.date: 09/12/2022
ms.reviewer:
manager: dansimp
ms.collection: highpri
---
# PersonalDataEncryption CSP
The PersonalDataEncryption configuration service provider (CSP) is used by the enterprise to protect data confidentiality of PCs and devices. This CSP is supported in Windows 11.
The following shows the PersonalDataEncryption configuration service provider in tree format:
```
./User/Vendor/MSFT/PDE
-- EnablePersonalDataEncryption
-- Status
-------- PersonalDataEncryptionStatus
```
**EnablePersonalDataEncryption**:
- 0 is default (disabled)
- 1 (enabled) will make Personal Data Encryption (PDE) public API available to applications for the user: [UserDataProtectionManager Class](/uwp/api/windows.security.dataprotection.userdataprotectionmanager).
The public API allows the applications running as the user to encrypt data as soon as this policy is enabled. However, prerequisites must be met for the PDE to be enabled.
**Status/PersonalDataEncryptionStatus**: Reports the current status of Personal Data Encryption (PDE) for the user. If prerequisites of PDE aren't met, then the report will be 0. If all prerequisites are met for PDE, then PDE will be enabled and this will report 1.
> [!Note]
> The policy is only applicable on Enterprise and Education SKUs.
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
|Business|No|No|
|Enterprise|No|Yes|
|Education|No|Yes|

127
windows/client-management/mdm/personaldataencryption-ddf-file.md Normal file
View File

@ -0,0 +1,127 @@
---
title: PersonalDataEncryption DDF file
description: Learn about the OMA DM device description framework (DDF) for the PersonalDataEncryption configuration service provider.
ms.author: v-nsatapathy
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nimishasatapathy
ms.localizationpriority: medium
ms.date: 09/10/2022
ms.reviewer:
manager: dansimp
---
# PersonalDataEncryption DDF file
This topic shows the OMA DM device description framework (DDF) for the **PersonalDataEncryption** configuration service provider.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
The XML below is the current version for this CSP.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<VerDTD>1.2</VerDTD>
<Node>
<NodeName>PDE</NodeName>
<Path>./User/Vendor/MSFT</Path>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName />
</DFType>
</DFProperties>
<Node>
<NodeName>EnablePersonalDataEncryption</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Allows the Admin to enable Personal Data Encryption. Set to '1' to set this policy.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>0</MSFT:Value>
<MSFT:ValueDescription>Disable Personal Data Encryption.</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>1</MSFT:Value>
<MSFT:ValueDescription>Enable Personal Data Encryption.</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>Status</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName />
</DFType>
</DFProperties>
<Node>
<NodeName>PersonalDataEncryptionStatus</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>This node reports the current state of Personal Data Encryption for a user. '0' means disabled. '1' means enabled.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME />
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</MgmtTree>
```

5
windows/client-management/mdm/toc.yml
View File

@ -333,6 +333,11 @@ items:
items:
- name: PassportForWork DDF file
href: passportforwork-ddf.md
- name: PersonalDataEncryption CSP
href: personaldataencryption-csp.md
items:
- name: PersonalDataEncryption DDF file
href: personaldataencryption-ddf-file.md
- name: Personalization CSP
href: personalization-csp.md
items: