From bf217cf053779977d2a651069d1d49a5377f1650 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 18 Jan 2021 12:48:34 +0500 Subject: [PATCH 1/2] Update bitlocker-device-encryption-overview-windows-10.md --- .../bitlocker-device-encryption-overview-windows-10.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 34008453ad..c4907449b5 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -82,6 +82,9 @@ Microsoft recommends that BitLocker Device Encryption be enabled on any systems Administrators can manage domain-joined devices that have BitLocker Device Encryption enabled through Microsoft BitLocker Administration and Monitoring (MBAM). In this case, BitLocker Device Encryption automatically makes additional BitLocker options available. No conversion or encryption is required, and MBAM can manage the full BitLocker policy set if any configuration changes are required. +> [!NOTE] +> BitLocker Device Encryption feature uses XTS-AES 128-bit encryption method. In case you need to use different encryption method and/or cipher strength, device must be decrypted first. After that, different Bitlocker settings can be applied. + ## Used Disk Space Only encryption BitLocker in earlier Windows versions could take a long time to encrypt a drive, because it encrypted every byte on the volume (including parts that did not have data). That is still the most secure way to encrypt a drive, especially if a drive has previously contained confidential data that has since been moved or deleted. In that case, traces of the confidential data could remain on portions of the drive marked as unused. From f1034be901a73648fcc7141060df5f4a0f57d111 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 20 Jan 2021 18:30:06 +0500 Subject: [PATCH 2/2] Update windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../bitlocker-device-encryption-overview-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index c4907449b5..714d9c0db7 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -83,7 +83,7 @@ Microsoft recommends that BitLocker Device Encryption be enabled on any systems Administrators can manage domain-joined devices that have BitLocker Device Encryption enabled through Microsoft BitLocker Administration and Monitoring (MBAM). In this case, BitLocker Device Encryption automatically makes additional BitLocker options available. No conversion or encryption is required, and MBAM can manage the full BitLocker policy set if any configuration changes are required. > [!NOTE] -> BitLocker Device Encryption feature uses XTS-AES 128-bit encryption method. In case you need to use different encryption method and/or cipher strength, device must be decrypted first. After that, different Bitlocker settings can be applied. +> BitLocker Device Encryption uses the XTS-AES 128-bit encryption method. In case you need to use a different encryption method and/or cipher strength, the device must be configured and decrypted (if already encrypted) first. After that, different BitLocker settings can be applied. ## Used Disk Space Only encryption