diff --git a/windows/security/operating-system-security/data-protection/bitlocker/manage-recovery-passwords.md b/windows/security/operating-system-security/data-protection/bitlocker/manage-recovery-passwords.md index ffaee53f08..f3c545e4ed 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/manage-recovery-passwords.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/manage-recovery-passwords.md @@ -10,7 +10,11 @@ ms.date: 09/29/2023 # Manage BitLocker recovery passwords ---- +### OneDrive option + +There's an option for storing the BitLocker recovery key using OneDrive. This option requires that computers aren't members of a domain and that the user is using a Microsoft Account. Local user accounts don't have the option to use OneDrive. Using the OneDrive option is the default recommended recovery key storage method for computers that aren't joined to a domain. + +Users can verify whether the recovery key is saved properly by checking OneDrive for the *BitLocker* folder, which is created automatically during the save process. The folder contains two files, a `readme.txt` and the recovery key. For users storing more than one recovery password on their OneDrive, they can identify the required recovery key by looking at the file name. The recovery key ID is appended to the end of the file name. ## Retrieve Bitlocker recovery keys for a Microsoft Entra joined device diff --git a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md index 195c1d0060..95fab216c8 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md 
@@ -37,12 +37,6 @@ Encrypting volumes with the BitLocker Control Panel (select **Start**, enter `Bi To start encryption for a volume, select **Turn on BitLocker** for the appropriate drive to initialize the **BitLocker Drive Encryption Wizard**. **BitLocker Drive Encryption Wizard** options vary based on volume type (operating system volume or data volume). -### OneDrive option - -There's an option for storing the BitLocker recovery key using OneDrive. This option requires that computers aren't members of a domain and that the user is using a Microsoft Account. Local user accounts don't have the option to use OneDrive. Using the OneDrive option is the default recommended recovery key storage method for computers that aren't joined to a domain. - -Users can verify whether the recovery key is saved properly by checking OneDrive for the *BitLocker* folder, which is created automatically during the save process. The folder contains two files, a `readme.txt` and the recovery key. For users storing more than one recovery password on their OneDrive, they can identify the required recovery key by looking at the file name. The recovery key ID is appended to the end of the file name. - ### Use BitLocker within Windows Explorer Windows Explorer allows users to launch the **BitLocker Drive Encryption Wizard** by right-clicking a volume and selecting **Turn On BitLocker**. This option is available on client computers by default. On servers, the BitLocker feature and the Desktop-Experience feature must first be installed for this option to be available. After selecting **Turn on BitLocker**, the wizard works exactly as it does when launched using the BitLocker Control Panel. diff --git a/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md b/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md index 52b7185f73..368b0d1c10 100644 --- a/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md 
+++ b/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md @@ -7,6 +7,8 @@ ms.topic: concept-article # Encrypted hard drives +## Overview + Encrypted hard drives are a class of hard drives that are self-encrypted at the hardware level and allow for full disk hardware encryption while being transparent to the user. These drives combine the security and management benefits provided by BitLocker Drive Encryption with the power of self-encrypting drives. By offloading the cryptographic operations to hardware, encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. Because encrypted hard drives encrypt data quickly, BitLocker deployment can be expanded across enterprise devices with little to no impact on productivity. @@ -34,6 +36,8 @@ Encrypted hard drives are supported natively in the operating system through the > >It's important to confirm that the device type is an encrypted hard drive for Windows when planning for deployment. +When the operating system identifies an encrypted hard drive, it activates the *security mode*. This activation lets the drive controller generate a *media key* for every volume that the host computer creates. The media key, which is never exposed outside the disk, is used to rapidly encrypt or decrypt every byte of data that is sent or received from the disk. + If you're a storage device vendor who is looking for more info on how to implement encrypted hard drive, see the [encrypted hard drive device guide](/previous-versions/windows/hardware/design/dn653989(v=vs.85)). ## System Requirements 
@@ -58,10 +62,6 @@ For an encrypted hard drive used as a **startup drive**: [!INCLUDE [encrypted-hard-drive](../../../../includes/licensing/encrypted-hard-drive.md)] -## Technical overview - -Rapid encryption in BitLocker directly addresses the security needs of enterprises while offering improved performance. Encrypted hard drives offload the cryptographic operations to the drive controller for greater efficiency. When the operating system identifies an encrypted hard drive, it activates the *security mode*. This activation lets the drive controller generate a *media key* for every volume that the host computer creates. The media key, which is never exposed outside the disk, is used to rapidly encrypt or decrypt every byte of data that is sent or received from the disk. - ## Configure encrypted hard drives as startup drives To configure encrypted hard drives as startup drives, use the same methods as standard hard drives:
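Review bot: In manage-recovery-passwords.md, the added `### OneDrive option` heading sits directly under the H1 `# Manage BitLocker recovery passwords` and ahead of the H2 `## Retrieve Bitlocker recovery keys for a Microsoft Entra joined device`, so the outline skips a level; make it `## OneDrive option` to match its sibling. The second added paragraph also switches terms within one sentence ("storing more than one recovery password ... identify the required recovery key"); since the page title uses "recovery passwords", pick one term so readers do not assume two different secrets are stored in the *BitLocker* folder.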
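Review bot: In operations-guide.md, deleting the `### OneDrive option` section also deletes its heading anchor, and nothing in this patch updates links that may point at it; search the docset for references to that section and repoint them to manage-recovery-passwords.md before merging. Because this page still walks through the **BitLocker Drive Encryption Wizard**, consider leaving a one-line pointer to the new location of the recovery key storage guidance.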
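Review bot: In encrypted-hard-drive.md (hunk at -34,6), the relocated paragraph that defines *security mode* and *media key* lands between the deployment note ending "confirm that the device type is an encrypted hard drive for Windows when planning for deployment" and the storage-vendor link, with no heading of its own, so the page's only description of how the key is generated and kept inside the disk is easy to miss. Place it under the new `## Overview`, next to the sentence about offloading cryptographic operations to hardware, or give it a short heading.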
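Review bot: In encrypted-hard-drive.md (hunk at -58,10), removing `## Technical overview` drops its anchor along with the sentence "Rapid encryption in BitLocker directly addresses the security needs of enterprises while offering improved performance", which is not carried over anywhere in this patch. Confirm that no links target that heading and that losing the "rapid encryption" term is intended, since the moved paragraph still says the media key is used to "rapidly encrypt or decrypt" data.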