From 076ac04d6c9476f9f48967e8632e2bcebd5859f0 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 26 Jul 2021 21:19:25 +0300 Subject: [PATCH 1/6] Get-TPM https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9501 --- .../bitlocker/bitlocker-overview-and-requirements-faq.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml index eeb3384995..33702337e1 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml @@ -60,7 +60,7 @@ sections: > Installed Operating System on hardware in legacy mode will stop the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt) before changing the BIOS mode which will prepare the OS and the disk to support UEFI. - question: How can I tell if a TPM is on my computer? - answer: Beginning with Windows 10, version 1803, you can check TPM status in **Windows Defender Security Center** > **Device Security** > **Security processor details**. In previous versions of Windows, open the TPM MMC console (tpm.msc) and look under the **Status** heading. + answer: Beginning with Windows 10, version 1803, you can check TPM status in **Windows Defender Security Center** > **Device Security** > **Security processor details**. In previous versions of Windows, open the TPM MMC console (tpm.msc) and look under the **Status** heading. You can also run **[Get-TPM](https://docs.microsoft.com/en-us/powershell/module/trustedplatformmodule/get-tpm?view=windowsserver2019-ps)** in Powershell to get more details about the TPM on the current computer. - question: Can I use BitLocker on an operating system drive without a TPM? answer: | @@ -78,4 +78,4 @@ sections: answer: To turn on, turn off, or change configurations of BitLocker on operating system and fixed data drives, membership in the local **Administrators** group is required. Standard users can turn on, turn off, or change configurations of BitLocker on removable data drives. - question: What is the recommended boot order for computers that are going to be BitLocker-protected? - answer: You should configure the startup options of your computer to have the hard disk drive first in the boot order, before any other drives such as CD/DVD drives or USB drives. If the hard disk is not first and you typically boot from hard disk, then a boot order change may be detected or assumed when removable media is found during boot. The boot order typically affects the system measurement that is verified by BitLocker and a change in boot order will cause you to be prompted for your BitLocker recovery key. For the same reason, if you have a laptop with a docking station, ensure that the hard disk drive is first in the boot order both when docked and undocked.  \ No newline at end of file + answer: You should configure the startup options of your computer to have the hard disk drive first in the boot order, before any other drives such as CD/DVD drives or USB drives. If the hard disk is not first and you typically boot from hard disk, then a boot order change may be detected or assumed when removable media is found during boot. The boot order typically affects the system measurement that is verified by BitLocker and a change in boot order will cause you to be prompted for your BitLocker recovery key. For the same reason, if you have a laptop with a docking station, ensure that the hard disk drive is first in the boot order both when docked and undocked.  From eaaa7908e0271d6b7f37ec9c46a835abe367665b Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Tue, 27 Jul 2021 11:14:43 +0300 Subject: [PATCH 2/6] Update windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../bitlocker/bitlocker-overview-and-requirements-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml index 33702337e1..ed7c95958f 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml @@ -60,7 +60,7 @@ sections: > Installed Operating System on hardware in legacy mode will stop the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt) before changing the BIOS mode which will prepare the OS and the disk to support UEFI. - question: How can I tell if a TPM is on my computer? - answer: Beginning with Windows 10, version 1803, you can check TPM status in **Windows Defender Security Center** > **Device Security** > **Security processor details**. In previous versions of Windows, open the TPM MMC console (tpm.msc) and look under the **Status** heading. You can also run **[Get-TPM](https://docs.microsoft.com/en-us/powershell/module/trustedplatformmodule/get-tpm?view=windowsserver2019-ps)** in Powershell to get more details about the TPM on the current computer. + answer: Beginning with Windows 10, version 1803, you can check TPM status in **Windows Defender Security Center** > **Device Security** > **Security processor details**. In previous versions of Windows, open the TPM MMC console (tpm.msc) and look under the **Status** heading. You can also run [**Get-TPM**](/powershell/module/trustedplatformmodule/get-tpm?view=windowsserver2019-ps)** in PowerShell to get more details about the TPM on the current computer. - question: Can I use BitLocker on an operating system drive without a TPM? answer: | From e8c3b7bd65e5b2f78de5fe1f102250cf309eb9f1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 27 Jul 2021 13:22:48 -0700 Subject: [PATCH 3/6] Update bitlocker-overview-and-requirements-faq.yml --- .../bitlocker/bitlocker-overview-and-requirements-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml index ed7c95958f..6cebdef98d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml @@ -15,7 +15,7 @@ metadata: audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual - ms.date: 02/28/2019 + ms.date: 07/27/2021 ms.custom: bitlocker title: BitLocker Overview and Requirements FAQ From 1dff6394290ae266d9d86ab511e986c10b7d8bd5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 27 Jul 2021 13:23:15 -0700 Subject: [PATCH 4/6] Update bitlocker-overview-and-requirements-faq.yml --- .../bitlocker/bitlocker-overview-and-requirements-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml index 6cebdef98d..bd62782893 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml @@ -1,7 +1,7 @@ ### YamlMime:FAQ metadata: title: BitLocker overview and requirements FAQ (Windows 10) - description: This topic for the IT professional answers frequently asked questions concerning the requirements to use BitLocker. + description: This article for IT professionals answers frequently asked questions concerning the requirements to use BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 From 7df0a120f82e9d0bd977a079f609d23b68d87bcb Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 27 Jul 2021 16:29:50 -0700 Subject: [PATCH 5/6] Update setupdiag.md --- windows/deployment/upgrade/setupdiag.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index da30d6f337..5f3f5dc8dc 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -29,7 +29,7 @@ ms.topic: article ## About SetupDiag -Current downloadable version of SetupDiag: 1.6.1.0 +Current downloadable version of SetupDiag: 1.6.2107.27002 >Always be sure to run the most recent version of SetupDiag, so that can access new functionality and fixes to known issues. SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. From e8957007ceb2e2951c6fd13b57d628180aed4f05 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 27 Jul 2021 16:37:12 -0700 Subject: [PATCH 6/6] minor edits --- windows/deployment/upgrade/setupdiag.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index ac79f50898..9e7a29631c 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -49,7 +49,7 @@ When run by Windows Setup, the following [parameters](#parameters) are used: - /Output:%windir%\logs\SetupDiag\SetupDiagResults.xml - /RegPath:HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupDiag\Results -The resulting SetupDiag analysis can be found at **%WinDir%\Logs\SetupDiag\SetupDiagResults.xml** and in the registry under **HKLM\SYSTEM\Setup\SetupDiag\Results**. Please note that this is not the same as the default registry path when SetupDiag is run manually. When SetupDiag is run manually, and the /RegPath parameter is not specificed, data is stored in the registry at HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag. +The resulting SetupDiag analysis can be found at **%WinDir%\Logs\SetupDiag\SetupDiagResults.xml** and in the registry under **HKLM\SYSTEM\Setup\SetupDiag\Results**. Please note that this is not the same as the default registry path when SetupDiag is run manually. When SetupDiag is run manually, and the /RegPath parameter is not specified, data is stored in the registry at HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag. > [!IMPORTANT] > When SetupDiag indicates that there were multiple failures, the last failure in the log file is typically the fatal error, not the first one.