mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-17 19:33:37 +00:00
updates
This commit is contained in:
@ -7434,6 +7434,11 @@
|
||||
"source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md",
|
||||
"redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/recovery",
|
||||
"redirect_document_id": false
|
||||
},
|
||||
{
|
||||
"source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md",
|
||||
"redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/network-unlock",
|
||||
"redirect_document_id": false
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -94,7 +94,7 @@ Network Unlock requires the following infrastructure:
|
||||
|
||||
- A server with the DHCP server role installed
|
||||
|
||||
For more information about how to configure Network unlock feature, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md).
|
||||
For more information about how to configure Network unlock feature, see [BitLocker: How to enable Network Unlock](network-unlock.md).
|
||||
|
||||
## Microsoft BitLocker administration and monitoring
|
||||
|
||||
|
@ -99,4 +99,4 @@ Enable-WindowsOptionalFeature -Online -FeatureName BitLocker, BitLocker-Utilitie
|
||||
- [BitLocker overview](index.md)
|
||||
- [BitLocker frequently asked questions (FAQ)](faq.yml)
|
||||
- [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
|
||||
- [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md)
|
||||
- [BitLocker: How to enable Network Unlock](network-unlock.md)
|
||||
|
@ -42,7 +42,7 @@ The Minimal Server Interface is a prerequisite for some of the BitLocker adminis
|
||||
|
||||
If a server is being installed manually, such as a stand-alone server, then choosing [Server with Desktop Experience](/windows-server/get-started/getting-started-with-server-with-desktop-experience/) is the easiest path because it avoids performing the steps to add a GUI to Server Core.
|
||||
|
||||
Additionally, lights-out data centers can take advantage of the enhanced security of a second factor while avoiding the need for user intervention during reboots by optionally using a combination of BitLocker (TPM+PIN) and BitLocker Network Unlock. BitLocker Network Unlock brings together the best of hardware protection, location dependence, and automatic unlock, while in the trusted location. For the configuration steps, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md).
|
||||
Additionally, lights-out data centers can take advantage of the enhanced security of a second factor while avoiding the need for user intervention during reboots by optionally using a combination of BitLocker (TPM+PIN) and BitLocker Network Unlock. BitLocker Network Unlock brings together the best of hardware protection, location dependence, and automatic unlock, while in the trusted location. For the configuration steps, see [BitLocker: How to enable Network Unlock](network-unlock.md).
|
||||
For more information, see the BitLocker FAQs article and other useful links in [Related Articles](#related-articles).
|
||||
|
||||
## PowerShell examples
|
||||
@ -105,7 +105,7 @@ Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -Pi
|
||||
- [How to update local source media to add roles and features](/archive/blogs/joscon/how-to-update-local-source-media-to-add-roles-and-features)
|
||||
- [How to add or remove optional components on Server Core](/archive/blogs/server_core/using-features-on-demand-with-updated-systems-and-patched-images) *(Features on Demand)*
|
||||
- [How to deploy BitLocker on Windows Server](bitlocker-how-to-deploy-on-windows-server.md)
|
||||
- [How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md)
|
||||
- [How to enable Network Unlock](network-unlock.md)
|
||||
- [Shielded VMs and Guarded Fabric](https://blogs.technet.microsoft.com/windowsserver/2016/05/10/a-closer-look-at-shielded-vms-in-windows-server-2016/)
|
||||
|
||||
### PowerShell
|
||||
|
@ -224,5 +224,5 @@ Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup S-1-5-
|
||||
- [BitLocker overview](index.md)
|
||||
- [BitLocker frequently asked questions (FAQ)](faq.yml)
|
||||
- [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
|
||||
- [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md)
|
||||
- [BitLocker: How to enable Network Unlock](network-unlock.md)
|
||||
- [BitLocker: How to deploy on Windows Server 2012](bitlocker-how-to-deploy-on-windows-server.md)
|
||||
|
@ -451,5 +451,5 @@ Disable-BitLocker -MountPoint E:,F:,G:
|
||||
|
||||
- [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
|
||||
- [BitLocker recovery guide](bitlocker-recovery-guide-plan.md)
|
||||
- [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md)
|
||||
- [BitLocker: How to enable Network Unlock](network-unlock.md)
|
||||
- [BitLocker overview](index.md)
|
@ -388,7 +388,7 @@ sections:
|
||||
|
||||
Network Unlock uses two protectors - the TPM protector and the protector provided by the network or by the PIN. Automatic unlock uses a single protector - the one stored in the TPM. If the computer is joined to a network without the key protector, it will prompt to enter a PIN. If the PIN isn't available, the recovery key will need to be used to unlock the computer if it can't be connected to the network.
|
||||
|
||||
For more info, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md).
|
||||
For more info, see [BitLocker: How to enable Network Unlock](network-unlock.md).
|
||||
|
||||
- name: Use BitLocker with other programs
|
||||
questions:
|
||||
|
@ -18,7 +18,7 @@ If you disable or don't configure this policy setting, BitLocker clients won't b
|
||||
> [!NOTE]
|
||||
> For reliability and security, computers should also have a TPM startup PIN that can be used when the computer is disconnected from the wired network or the server at startup.
|
||||
|
||||
For more information about Network Unlock feature, see [BitLocker: How to enable Network Unlock](../bitlocker-how-to-enable-network-unlock.md)
|
||||
For more information about Network Unlock feature, see [BitLocker: How to enable Network Unlock](../network-unlock.md)
|
||||
|
||||
| | Path |
|
||||
|--|--|
|
||||
|
@ -1,11 +1,11 @@
|
||||
---
|
||||
title: Prepare the organization for BitLocker Planning and policies
|
||||
description: This article for the IT professional explains how can to plan for a BitLocker deployment.
|
||||
title: Plan for a BitLocker deployment
|
||||
description: Learn how to plan for a BitLocker deployment in your organization.
|
||||
ms.topic: conceptual
|
||||
ms.date: 11/08/2022
|
||||
---
|
||||
|
||||
# Prepare an organization for BitLocker: Planning and policies
|
||||
# Plan for a BitLocker deployment
|
||||
|
||||
This article for the IT professional explains how to plan BitLocker deployment.
|
||||
|
||||
@ -132,7 +132,7 @@ Administrators can enable BitLocker before to operating system deployment from t
|
||||
|
||||
## Used Disk Space Only encryption
|
||||
|
||||
The BitLocker Setup wizard provides administrators the ability to choose the Used Disk Space Only or Full encryption method when enabling BitLocker for a volume. Administrators can use the new BitLocker group policy setting to enforce either Used Disk Space Only or Full disk encryption.
|
||||
The BitLocker Setup wizard provides administrators the ability to choose the Used Disk Space Only or Full encryption method when enabling BitLocker for a volume. Administrators can use the BitLocker policy setting to enforce either Used Disk Space Only or Full disk encryption.
|
||||
|
||||
Launching the BitLocker Setup wizard prompts for the authentication method to be used (password and smart card are available for data volumes). Once the method is chosen and the recovery key is saved, the wizard asks to choose the drive encryption type. Select Used Disk Space Only or Full drive encryption.
|
||||
|
||||
@ -142,7 +142,7 @@ With Full drive encryption, the entire drive is encrypted, whether data is store
|
||||
|
||||
## Active Directory Domain Services considerations
|
||||
|
||||
BitLocker integrates with Active Directory Domain Services (AD DS) to provide centralized key management. By default, no recovery information is backed up to Active Directory. Administrators can configure the following group policy setting for each drive type to enable backup of BitLocker recovery information:
|
||||
BitLocker integrates with Microsoft Entra ID and Active Directory Domain Services (AD DS) to provide centralized key management. By default, no recovery information is backed up to Active Directory. Administrators can configure the following group policy setting for each drive type to enable backup of BitLocker recovery information:
|
||||
|
||||
**Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption** > ***drive type*** > **Choose how BitLocker-protected drives can be recovered**.
|
||||
|
@ -5,10 +5,10 @@ items:
|
||||
href: countermeasures.md
|
||||
- name: Deployment guides
|
||||
items:
|
||||
- name: Planning for BitLocker
|
||||
href: prepare-your-organization-for-bitlocker-planning-and-policies.md
|
||||
- name: BitLocker basic deployment
|
||||
href: bitlocker-basic-deployment.md
|
||||
- name: Plan for a BitLocker deployment
|
||||
href: plan.md
|
||||
- name: Configure BitLocker
|
||||
href: configure.md
|
||||
- name: BitLocker deployment comparison
|
||||
href: bitlocker-deployment-comparison.md
|
||||
- name: BitLocker device encryption
|
||||
@ -21,14 +21,14 @@ items:
|
||||
href: bitlocker-how-to-deploy-on-windows-server.md
|
||||
- name: Manage BitLocker with Drive Encryption Tools
|
||||
href: bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
|
||||
- name: Use BitLocker Recovery Password Viewer
|
||||
href: bitlocker-use-bitlocker-recovery-password-viewer.md
|
||||
- name: BitLocker Recovery Guide
|
||||
href: bitlocker-recovery-guide-plan.md
|
||||
- name: Protect cluster shared volumes and storage area networks with BitLocker
|
||||
href: protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
|
||||
- name: Network Unlock
|
||||
href: bitlocker-how-to-enable-network-unlock.md
|
||||
href: network-unlock.md
|
||||
- name: BitLocker Recovery Password Viewer
|
||||
href: bitlocker-use-bitlocker-recovery-password-viewer.md
|
||||
- name: Reference
|
||||
items:
|
||||
- name: BitLocker policy settings
|
||||
|
Reference in New Issue
Block a user