Paolo Matarazzo
2023-09-28 09:39:10 -04:00
parent f6293c4116
commit 8bc7695ca8
8 changed files with 60 additions and 188 deletions

@ -7,7 +7,12 @@ ms.topic: include
### Configure use of smart cards on fixed data drives
This policy setting allows you to specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives on a computer. If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authentication by selecting the "Require use of smart cards on fixed data drives" check box. Note: These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker will allow unlocking a drive with any of the protectors available on the drive. If you disable this policy setting, users are not allowed to use smart cards to authenticate their access to BitLocker-protected fixed data drives. If you do not configure this policy setting, smart cards can be used to authenticate user access to a BitLocker-protected drive.
This policy setting allows you to specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives.
- If you enable this policy setting, smart cards can be used to authenticate user access to the drive
- You can require a smart card authentication by selecting the **Require use of smart cards on fixed data drives** option
- If you disable this policy setting, users can't use smart cards to authenticate their access to BitLocker-protected fixed data drives
- If you don't configure this policy setting, smart cards can be used to authenticate user access to a BitLocker-protected drive
| | Path |
|--|--|
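Review bot: The enforcement caveat is missing from the new bulleted text. The old paragraph said these settings are enforced when turning on BitLocker, not when unlocking a drive, and that BitLocker will allow unlocking a drive with any of the protectors available on the drive. Without it, a reader can take **Require use of smart cards on fixed data drives** to mean a smart card is needed at unlock time. Suggest keeping those two sentences as a `> [!NOTE]` block under the list, the way the encryption-type files in this commit handle their caveat. Minor: the "require" bullet is an option of the enabled state, so it would read better nested under the first bullet than as a peer of the enable/disable/not-configured bullets.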

@ -7,7 +7,12 @@ ms.topic: include
### Configure use of smart cards on removable data drives
This policy setting allows you to specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer. If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authentication by selecting the "Require use of smart cards on removable data drives" check box. Note: These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker will allow unlocking a drive with any of the protectors available on the drive. If you disable this policy setting, users are not allowed to use smart cards to authenticate their access to BitLocker-protected removable data drives. If you do not configure this policy setting, smart cards are available to authenticate user access to a BitLocker-protected removable data drive.
This policy setting allows you to specify whether smart cards can be used to authenticate user access to the BitLocker-protected removable data drives.
- If you enable this policy setting, smart cards can be used to authenticate user access to the drive
- You can require a smart card authentication by selecting the **Require use of smart cards on removable data drives** option
- If you disable this policy setting, users can't use smart cards to authenticate their access to BitLocker-protected removable data drives
- If you don't configure this policy setting, smart cards can be used to authenticate user access to a BitLocker-protected drive
| | Path |
|--|--|
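Review bot: The new text for removable data drives no longer states that these settings are enforced when turning on BitLocker, not when unlocking a drive, or that a drive can be unlocked with any protector available on it. That is the sentence that tells an administrator that requiring smart cards doesn't restrict how an already-protected drive is unlocked, so it should stay, for example as a `> [!NOTE]` after the list. Also, the last bullet now ends with "a BitLocker-protected drive", where the old text said "a BitLocker-protected removable data drive"; it looks carried over from the fixed-drive file and should name removable data drives.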

@ -7,7 +7,14 @@ ms.topic: include
### Control use of BitLocker on removable drives
This policy setting controls the use of BitLocker on removable data drives. When this policy setting is enabled you can select property settings that control how users can configure BitLocker. Choose "Allow users to apply BitLocker protection on removable data drives" to permit the user to run the BitLocker setup wizard on a removable data drive. Choose "Allow users to suspend and decrypt BitLocker on removable data drives" to permit the user to remove BitLocker Drive encryption from the drive or suspend the encryption while maintenance is performed. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information on suspending BitLocker protection. If you do not configure this policy setting, users can use BitLocker on removable disk drives. If you disable this policy setting, users cannot use BitLocker on removable disk drives.
This policy setting controls the use of BitLocker on removable data drives.
When this policy setting is enabled, you can select property settings that control how users can configure BitLocker:
- Choose **Allow users to apply BitLocker protection on removable data drives** to permit the user to run the BitLocker setup wizard on a removable data drive
- Choose **Allow users to suspend and decrypt BitLocker on removable data drives** to permit the user to remove BitLocker encryption from the drive or suspend the encryption while maintenance is performed
If you disable this policy setting, users can't use BitLocker on removable disk drives.
| | Path |
|--|--|
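Review bot: The not-configured behaviour is gone from the rewritten text. The old paragraph stated "If you do not configure this policy setting, users can use BitLocker on removable disk drives", and the new version only covers the enabled and disabled states, so the default is no longer documented. Suggest adding it back next to the disabled sentence, for example "If you don't configure this policy setting, users can use BitLocker on removable disk drives." The text also switches between "removable data drives" and "removable disk drives"; pick one.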

@ -7,7 +7,19 @@ ms.topic: include
### Enforce drive encryption type on fixed data drives
This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on. If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard. If you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker.
This policy setting controls the use of BitLocker on fixed data drives.
If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard:
- Choose **full encryption** to require that the entire drive be encrypted when BitLocker is turned on
- Choose **used space only encryption** to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on
If you disable or don't configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker.
> [!NOTE]
> Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress.
>
> This policy is ignored when shrinking or expanding a volume, and the BitLocker driver uses the current encryption method. For example, when a drive that is using *Used Space Only encryption* is expanded, the new free space isn't wiped as it would be for a drive that uses *Full encryption*. The user could wipe the free space on a *Used Space Only* drive by using the following command: `manage-bde.exe -w`. If the volume is shrunk, no action is taken for the new free space.
| | Path |
|--|--|
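Review bot: The new opening sentence, "This policy setting controls the use of BitLocker on fixed data drives", describes a different setting. This file is about the encryption type, and the old text opened with "This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption", which the operating system drive file in this commit keeps. Suggest restoring that sentence here. Minor: "If you enable this policy setting the encryption type ..." needs a comma after "setting", and "will not" is inconsistent with the "don't" and "isn't" used in the rest of the new text.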

@ -7,7 +7,19 @@ ms.topic: include
### Enforce drive encryption type on operating system drives
This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on. If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard. If you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker.
This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption.
If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard:
- Choose **full encryption** to require that the entire drive be encrypted when BitLocker is turned on
- Choose **used space only encryption** to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on
If you disable or don't configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker.
> [!NOTE]
> Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress.
>
> This policy is ignored when shrinking or expanding a volume, and the BitLocker driver uses the current encryption method. For example, when a drive that is using *Used Space Only encryption* is expanded, the new free space isn't wiped as it would be for a drive that uses *Full encryption*. The user could wipe the free space on a *Used Space Only* drive by using the following command: `manage-bde.exe -w`. If the volume is shrunk, no action is taken for the new free space.
| | Path |
|--|--|
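Review bot: In the added note, "the BitLocker driver uses the current encryption method" switches terms. Everything else in this file says "encryption type" (full or used space only), and "method" reads as a different setting. Suggest "uses the current encryption type". In the same note, `manage-bde.exe -w` is shown with no volume, so it isn't clear which drive is wiped; consider showing it with a drive-letter placeholder. Minor: the sentence ending "will not be presented in the BitLocker setup wizard:" leads into the bullets with a colon, so the two choices read as a list of what is not presented. Ending that sentence with a period and introducing the bullets separately would be clearer.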

@ -7,7 +7,19 @@ ms.topic: include
### Enforce drive encryption type on removable data drives
This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on. If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard. If you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker.
This policy setting controls the use of BitLocker on removable data drives.
If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard:
- Choose **full encryption** to require that the entire drive be encrypted when BitLocker is turned on
- Choose **used space only encryption** to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on
If you disable or don't configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker.
> [!NOTE]
> Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress.
>
> This policy is ignored when shrinking or expanding a volume, and the BitLocker driver uses the current encryption method. For example, when a drive that is using *Used Space Only encryption* is expanded, the new free space isn't wiped as it would be for a drive that uses *Full encryption*. The user could wipe the free space on a *Used Space Only* drive by using the following command: `manage-bde.exe -w`. If the volume is shrunk, no action is taken for the new free space.
| | Path |
|--|--|
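Review bot: The new first sentence, "This policy setting controls the use of BitLocker on removable data drives", is word for word the opening of the "Control use of BitLocker on removable drives" file in this commit and doesn't describe this setting. The old text opened with "This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption"; suggest restoring it so the two removable-drive policies can't be confused. The note about shrinking or expanding a volume is fine to keep, but it would help to say whether it applies to removable data drives, since the same text is repeated unchanged in the fixed and operating system drive files.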