deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-19 08:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update bitlocker-device-encryption-overview-windows-10.md

Browse Source
This commit is contained in:
Siddarth Mandalika 2020-10-22 16:17:30 +05:30 committed by GitHub
parent 874ba7ef2f
commit a3d7e7b0c9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
View File

@ -53,14 +53,14 @@ In Windows 7, preparing the TPM for use offered a couple of challenges:
* You can turn on the TPM in the BIOS, which requires someone to either go into the BIOS settings to turn it on or to install a driver to turn it on from within Windows.
* When you enable the TPM, it may require one or more restarts.
Basically, it was a big hassle. If IT staff were provisioning new PCs, they could handle all of this, but if you wanted to add BitLocker to devices that were already in users hands, those users would have struggled with the technical challenges and would either call IT for support or simply leave BitLocker disabled. **Question: In the "but if you wanted..." phrase, does "you" refer to the users themselves who would have called IT for support"?**
Basically, it was a big hassle. If IT staff were provisioning new PCs, they could handle all of this, but if you wanted to add BitLocker to devices that were already in users hands, those users would have struggled with the technical challenges and would either call IT for support or simply leave BitLocker disabled.
Microsoft includes instrumentation in Windows 10 that enables the operating system to fully manage the TPM. There is no need to go into the BIOS, and all scenarios that required a restart have been eliminated.
## Deploy hard drive encryption
BitLocker is capable of encrypting entire hard drives, including both system and data drives. BitLocker pre-provisioning can drastically reduce the time required to provision new PCs with BitLocker enabled. With Windows 10, administrators can turn on BitLocker and the TPM from within the Windows Preinstallation Environment before they install Windows or as part of an automated deployment task sequence without any user interaction. Combined with Used Disk Space Only encryption and a mostly empty drive (because Windows is not yet installed), it takes only a few seconds to enable BitLocker.
With earlier versions of Windows, administrators had to enable BitLocker after Windows had been installed. Although this process could be automated, BitLocker would need to encrypt the entire drive, a process that could take anywhere from several hours to more than a day depending on drive size and performance, which significantly delayed deployment. Microsoft has improved this process through multiple features in Windows 10.**Question:In the phrase, "Although this process could be automated...", could it be mentioned that the process was not automated because BitLocker needed to encrypt the drive"?**
With earlier versions of Windows, administrators had to enable BitLocker after Windows had been installed. Although this process could be automated, BitLocker would need to encrypt the entire drive, a process that could take anywhere from several hours to more than a day depending on drive size and performance, which significantly delayed deployment. Microsoft has improved this process through multiple features in Windows 10.
## BitLocker device encryption