operations guide

Paolo Matarazzo
2023-10-18 17:36:19 -04:00
parent e63d529491
commit af80a81853
3 changed files with 9 additions and 11 deletions

View File

@ -10,7 +10,11 @@ ms.date: 09/29/2023
# Manage BitLocker recovery passwords
---
### OneDrive option
There's an option for storing the BitLocker recovery key using OneDrive. This option requires that computers aren't members of a domain and that the user is using a Microsoft Account. Local user accounts don't have the option to use OneDrive. Using the OneDrive option is the default recommended recovery key storage method for computers that aren't joined to a domain.
Users can verify whether the recovery key is saved properly by checking OneDrive for the *BitLocker* folder, which is created automatically during the save process. The folder contains two files, a `readme.txt` and the recovery key. For users storing more than one recovery password on their OneDrive, they can identify the required recovery key by looking at the file name. The recovery key ID is appended to the end of the file name.
## Retrieve Bitlocker recovery keys for a Microsoft Entra joined device
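Review bot: The `### OneDrive option` heading is level 3 but sits directly under the page title and ahead of `## Retrieve Bitlocker recovery keys for a Microsoft Entra joined device`, so it has no level-2 parent; make it `##` or nest it under a level-2 section on recovery key storage. In its second paragraph, "storing more than one recovery password" and "identify the required recovery key" name the same saved file two ways; on a page titled "Manage BitLocker recovery passwords" that should be one term throughout, because the recovery password and the recovery key are different protectors in BitLocker. Since the key is kept in the user's OneDrive, it is also worth one sentence saying that access to that Microsoft Account is access to the key.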

View File

@ -37,12 +37,6 @@ Encrypting volumes with the BitLocker Control Panel (select **Start**, enter `Bi
To start encryption for a volume, select **Turn on BitLocker** for the appropriate drive to initialize the **BitLocker Drive Encryption Wizard**. **BitLocker Drive Encryption Wizard** options vary based on volume type (operating system volume or data volume).
### OneDrive option
There's an option for storing the BitLocker recovery key using OneDrive. This option requires that computers aren't members of a domain and that the user is using a Microsoft Account. Local user accounts don't have the option to use OneDrive. Using the OneDrive option is the default recommended recovery key storage method for computers that aren't joined to a domain.
Users can verify whether the recovery key is saved properly by checking OneDrive for the *BitLocker* folder, which is created automatically during the save process. The folder contains two files, a `readme.txt` and the recovery key. For users storing more than one recovery password on their OneDrive, they can identify the required recovery key by looking at the file name. The recovery key ID is appended to the end of the file name.
### Use BitLocker within Windows Explorer
Windows Explorer allows users to launch the **BitLocker Drive Encryption Wizard** by right-clicking a volume and selecting **Turn On BitLocker**. This option is available on client computers by default. On servers, the BitLocker feature and the Desktop-Experience feature must first be installed for this option to be available. After selecting **Turn on BitLocker**, the wizard works exactly as it does when launched using the BitLocker Control Panel.
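Review bot: With the `### OneDrive option` section gone from between the wizard paragraph and `### Use BitLocker within Windows Explorer`, this stretch of the page no longer says where a recovery key can be saved or how a user confirms the save worked; add a one-line pointer to the section's new location so the wizard walkthrough still covers recovery key backup. Check for inbound links to the OneDrive option anchor on this page as well, since they stop resolving once the heading is removed. Minor: the last line uses both **Turn On BitLocker** and **Turn on BitLocker** for the same command.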

View File

@ -7,6 +7,8 @@ ms.topic: concept-article
# Encrypted hard drives
## Overview
Encrypted hard drives are a class of hard drives that are self-encrypted at the hardware level and allow for full disk hardware encryption while being transparent to the user. These drives combine the security and management benefits provided by BitLocker Drive Encryption with the power of self-encrypting drives.
By offloading the cryptographic operations to hardware, encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. Because encrypted hard drives encrypt data quickly, BitLocker deployment can be expanded across enterprise devices with little to no impact on productivity.
@ -34,6 +36,8 @@ Encrypted hard drives are supported natively in the operating system through the
>
>It's important to confirm that the device type is an encrypted hard drive for Windows when planning for deployment.
When the operating system identifies an encrypted hard drive, it activates the *security mode*. This activation lets the drive controller generate a *media key* for every volume that the host computer creates. The media key, which is never exposed outside the disk, is used to rapidly encrypt or decrypt every byte of data that is sent or received from the disk.
If you're a storage device vendor who is looking for more info on how to implement encrypted hard drive, see the [encrypted hard drive device guide](/previous-versions/windows/hardware/design/dn653989(v=vs.85)).
## System Requirements
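Review bot: The paragraph beginning "When the operating system identifies an encrypted hard drive" lands between the device-type callout and the storage-vendor link, where it reads as a continuation of the deployment note instead of the explanation of how the drive encrypts; it would sit better directly after the offloading paragraph under `## Overview`. The sentence "The media key, which is never exposed outside the disk" does not say what unlocks that key or where BitLocker comes in, which is the question a reader planning a deployment will have at this point. Wording: "sent or received from the disk" should be "sent to or received from the disk".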
@ -58,10 +62,6 @@ For an encrypted hard drive used as a **startup drive**:
[!INCLUDE [encrypted-hard-drive](../../../../includes/licensing/encrypted-hard-drive.md)]
## Technical overview
Rapid encryption in BitLocker directly addresses the security needs of enterprises while offering improved performance. Encrypted hard drives offload the cryptographic operations to the drive controller for greater efficiency. When the operating system identifies an encrypted hard drive, it activates the *security mode*. This activation lets the drive controller generate a *media key* for every volume that the host computer creates. The media key, which is never exposed outside the disk, is used to rapidly encrypt or decrypt every byte of data that is sent or received from the disk.
## Configure encrypted hard drives as startup drives
To configure encrypted hard drives as startup drives, use the same methods as standard hard drives:
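Review bot: Removing `## Technical overview` drops its first two sentences ("Rapid encryption in BitLocker directly addresses..." and "Encrypted hard drives offload the cryptographic operations to the drive controller for greater efficiency"), while only the security mode and media key sentences reappear earlier in the file; confirm the drive-controller detail is meant to go, since the Overview text only says "hardware". Any link that targets the Technical overview anchor breaks with the heading, so search the docs set for references before merging.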