diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index d9b84cf68c..be38d6f481 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -303,7 +303,7 @@ Allows you to associate unique organizational identifiers to a new drive that is ADMX Info: 
@@ -312,13 +312,11 @@ ADMX Info: > [!TIP] > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). -This setting is used to establish an identifier that is applied to all drives that are encrypted in your organization. It allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. +This setting is used to establish an identifier that is applied to all drives that are encrypted in your organization. -Identifiers are usually stored as the identification field and the allowed identification field. This identifier is automatically added to new BitLocker-protected drives, and it can be updated on existing BitLocker-protected drives by using the Manage-bde command-line tool. For more information about the tool to manage BitLocker, see [Manage-bde](/windows-server/administration/windows-commands/manage-bde). +Identifiers are usually stored as the identification field and the allowed identification field. You can configure the following identification fields on existing drives by using the [Manage-bde](/windows-server/administration/windows-commands/manage-bde): -You can configure the follwoing identification fields on existing drives by using the [Manage-bde](/windows-server/administration/windows-commands/manage-bde): - -- **BitLocker identification field**: An identification field is required to manage certificate-based data recovery agents on BitLocker-protected drives and for potential updates to the BitLocker To Go Reader. BitLocker manages and updates data recovery agents only when the identification field on the drive matches the value that is configured in the identification field. 
In a similar manner, BitLocker updates the BitLocker To Go Reader only when the identification field on the drive matches the value that is configured for the identification field. +- **BitLocker identification field**: It allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. This identifier is automatically added to new BitLocker-protected drives, and it can be updated on existing BitLocker-protected drives by using the Manage-bde command-line tool. For more information about the tool to manage BitLocker, see [Manage-bde](/windows-server/administration/windows-commands/manage-bde). An identification field is required to manage certificate-based data recovery agents on BitLocker-protected drives and for potential updates to the BitLocker To Go Reader. BitLocker manages and updates data recovery agents only when the identification field on the drive matches the value that is configured in the identification field. In a similar manner, BitLocker updates the BitLocker To Go Reader only when the identification field on the drive matches the value that is configured for the identification field. - **Allowed BitLocker identification field**: The allowed identification field is used in combination with the 'Deny write access to removable drives not protected by BitLocker' policy setting to help control the use of removable drives in your organization. It is a comma-separated list of identification fields from your organization or external organizations. @@ -330,10 +328,11 @@ If you enable this policy setting, you can configure the identification field on Sample value for this node to enable this policy is: ```xml - + ``` Data Id: + - IdentificationField: BitLocker identification field - SecIdentificationField: Allowed BitLocker identification field @@ -375,7 +374,7 @@ Allows users on devices that are compliant with InstantGo or the Microsoft Hardw ADMX Info:
  • GP English name: Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN
  • -
  • GP name: OSEnablePreBootPinExceptionOnDECapableDevice
  • +
  • GP name: EnablePreBootPinExceptionOnDECapableDevice_Name
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • GP ADMX file name: VolumeEncryption.admx
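Review bot: The new GP name on the `+` line drops the `OS` prefix (`OSEnablePreBootPinExceptionOnDECapableDevice` becomes `EnablePreBootPinExceptionOnDECapableDevice_Name`), while the later operating system drive hunk keeps it (`OSEncryptionType` becomes `OSEncryptionType_Name`). Nothing in the diff shows where the new names come from, so please confirm each renamed value against the policy name in VolumeEncryption.admx and say so in the commit description. An admin building an ADMX-backed policy from this page needs the exact identifier, and a mismatch here would leave a pre-boot PIN or encryption-type policy unconfigured.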
@@ -428,7 +427,7 @@ Allows users to configure whether or not enhanced startup PINs are used with Bit ADMX Info:
  • GP English name: Allow enhanced PINs for startup
  • -
  • GP name: UseEnhancedPin
  • +
  • GP name: EnhancedPIN_Name
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -484,7 +483,7 @@ Allows you to configure whether standard users are allowed to change BitLocker P ADMX Info:
  • GP English name: Disallow standard users from changing the PIN or password
  • -
  • GP name: DisallowStandardUserPINReset
  • +
  • GP name: DisallowStandardUsersCanChangePIN_Name
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -540,7 +539,7 @@ Allows users to enable authentication options that require user input from the p ADMX Info:
  • GP English name: Enable use of BitLocker authentication requiring preboot keyboard input on slates
  • -
  • GP name: OSEnablePrebootInputProtectorsOnSlates
  • +
  • GP name: EnablePrebootInputProtectorsOnSlates_Name
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -602,7 +601,7 @@ Allows you to configure the encryption type that is used by BitLocker. ADMX Info:
  • GP English name: Enforce drive encryption type on operating system drives
  • -
  • GP name: OSEncryptionType
  • +
  • GP name: OSEncryptionType_Name
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -1207,7 +1206,7 @@ Allows you to configure the encryption type on fixed data drives that is used by ADMX Info:
  • GP English name: Enforce drive encryption type on fixed data drives
  • -
  • GP name: FDVEncryptionType
  • +
  • GP name: FDVEncryptionType_Name
  • GP path: Windows Components/BitLocker Drive Encryption/Fixed Data Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -1348,7 +1347,7 @@ Allows you to configure the encryption type that is used by BitLocker. ADMX Info:
  • GP English name: Enforce drive encryption type on removable data drives
  • -
  • GP name: RDVEncryptionType
  • +
  • GP name: RDVEncryptionType_Name
  • GP path: Windows Components/BitLocker Drive Encryption/Removable Data Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -1357,7 +1356,7 @@ ADMX Info: > [!TIP] > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). -This policy controls whether fixed data drives utilize Full encryption or Used Space Only encryption, and is applied when you turn on BitLocker. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page, so no encryption selection displays to the user. +This policy controls whether removed data drives utilize Full encryption or Used Space Only encryption, and is applied when you turn on BitLocker. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page, so no encryption selection displays to the user. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on. @@ -1403,7 +1402,7 @@ Allows you to control the use of BitLocker on removable data drives. ADMX Info:
  • GP English name: Control use of BitLocker on removable drives
  • -
  • GP name: RDVConfigureBDE
  • +
  • GP name: RDVConfigureBDE_Name
  • GP path: Windows Components/BitLocker Drive Encryption/Removable Data Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -1418,7 +1417,7 @@ For information about suspending BitLocker protection, see [BitLocker Basic Depl The options for choosing property settings that control how users can configure BitLocker are: -- **Allow users to apply BitLocker protection on removable data drives**: Enables the user to run the BitLocker Setup Wizard on a removable data drive. +- **Allow users to apply BitLocker protection on removable data drives**: Enables the user to enable BitLocker on a removable data drives. - **Allow users to suspend and decrypt BitLocker on removable data drives**: Enables the user to remove BitLocker from the drive or to suspend the encryption while performing maintenance. If you enable this policy setting, you can select property settings that control how users can configure BitLocker.
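Review bot: In the last hunk (@@ -1418,7 +1417,7 @@), the replacement bullet on the `+` line reads "Enables the user to enable BitLocker on a removable data drives", which repeats "enable" and pairs the singular article with a plural noun. Suggest "Lets the user turn on BitLocker on a removable data drive", or keep the removed wording if the BitLocker Setup Wizard is still how the user does this.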
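Review bot: In the hunk at @@ -312,13 +312,11 @@, the rewritten sentence on the `+` line ends "by using the [Manage-bde](...):" with no noun after the link; add "tool" or "command-line tool". The text moved into the **BitLocker identification field** bullet now opens with "It allows you to", which has no antecedent inside the bullet, and it repeats the Manage-bde link that the sentence just above already carries. Suggest starting the bullet with "Allows you to associate" and dropping the "For more information about the tool" sentence from it.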
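Review bot: In the hunk at @@ -1357,7 +1356,7 @@, the `+` line replaces "fixed data drives" with "removed data drives", but this section documents the removable data drives policy (its GP path is Windows Components/BitLocker Drive Encryption/Removable Data Drives). The word should be "removable", so the line reads "This policy controls whether removable data drives utilize Full encryption or Used Space Only encryption".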