test

windows/security/operating-system-security/data-protection/personal-data-encryption/configure.md

@@ -1,8 +1,8 @@
 ---
-title: Personal Data Encryption settings and configuration
+title: Personal Data Encryption Settings and Configuration
-description: Learn about the available options to configure Personal Data Encryption (Personal Data Encryption) and how to configure them via Microsoft Intune or Configuration Service Providers (CSP).
+description: Learn about the available options to configure Personal Data Encryption and how to configure them via Microsoft Intune or Configuration Service Providers (CSP).
 ms.topic: how-to
-ms.date: 09/24/2024
+ms.date: 03/12/2025
 ---
 
 # Personal Data Encryption settings and configuration

windows/security/operating-system-security/data-protection/personal-data-encryption/faq.yml

@@ -4,7 +4,7 @@ metadata:
   title: Frequently asked questions for Personal Data Encryption
   description: Answers to common questions regarding Personal Data Encryption.
   ms.topic: faq
-  ms.date: 09/24/2024
+  ms.date: 03/12/2025
 
 title: Frequently asked questions for Personal Data Encryption
 summary: |

windows/security/operating-system-security/data-protection/personal-data-encryption/index.md

@@ -1,24 +1,28 @@
 ---
-title: Personal Data Encryption
+title: Personal Data Encryption Overview
-description: Personal Data Encryption unlocks user encrypted files at user sign-in instead of at boot.
+description: Learn about Personal Data Encryption, a security feature that provides file-based data encryption capabilities to Windows.
-ms.topic: how-to
+ms.topic: overview
-ms.date: 09/24/2024
+ms.date: 03/12/2025
 ---
 
-# Personal Data Encryption
+# Personal Data Encryption overview
 
-Starting in Windows 11, version 22H2, Personal Data Encryption is a security feature that provides file-based data encryption capabilities to Windows.
+Personal Data Encryption is a security feature that provides file-based data encryption capabilities to Windows. It utilizes Windows Hello for Business to link *data encryption keys* with user credentials. When a user signs in to a device using Windows Hello for Business, decryption keys are released, and encrypted data becomes accessible to the user. Conversely, when a user logs off, decryption keys are discarded, rendering the data inaccessible even if another user signs into the device. This ensures that sensitive information remains protected at all times.
 
-Personal Data Encryption utilizes Windows Hello for Business to link *data encryption keys* with user credentials. When a user signs in to a device using Windows Hello for Business, decryption keys are released, and encrypted data is accessible to the user.\
+The benefits of Personal Data Encryption are significant. By reducing the number of credentials needed to access encrypted content, users only need to sign in with Windows Hello for Business. Additionally, the accessibility features available with Windows Hello for Business extend to Personal Data Encryption protected content.
-When a user logs off, decryption keys are discarded and data is inaccessible, even if another user signs into the device.
 
-The use of Windows Hello for Business offers the following advantages:
+Unlike BitLocker, which encrypts entire volumes and disks, Personal Data Encryption focuses on individual files, providing an additional layer of security. This feature not only enhances data protection but also shows a strong commitment to safeguarding personal information.
 
-- It reduces the number of credentials to access encrypted content: users only need to sign-in with Windows Hello for Business
+## Personal Data Encryption for known folders
-- The accessibility features available when using Windows Hello for Business extend to Personal Data Encryption protected content
 
-Personal Data Encryption differs from BitLocker in that it encrypts files instead of whole volumes and disks. Personal Data Encryption occurs in addition to other encryption methods such as BitLocker.\
+:::row:::
-Unlike BitLocker that releases data encryption keys at boot, Personal Data Encryption doesn't release data encryption keys until a user signs in using Windows Hello for Business.
+  :::column span="2":::
+  Starting in Windows 11, version 24H2, Personal Data Encryption is further enhanced with *Personal Data Encryption for known folders*, which extends protection to the Windows folders: **Desktop**, **Documents**, and **Pictures**. This means that any files stored in these folders are automatically encrypted, providing an extra layer of security for commonly used directories.
+  :::column-end:::
+  :::column span="2":::
+  :::image type="content" source="images/pde-known-folders.png" alt-text="Icons of the known folders with a padlock representing their encryption status." border="false":::
+  :::column-end:::
+:::row-end:::
 
 ## Prerequisites
 
@@ -96,14 +100,6 @@ The following are recommendations for using Personal Data Encryption:
 - [Windows Hello for Business PIN reset service](../../../identity-protection/hello-for-business/hello-feature-pin-reset.md). Destructive PIN resets will cause keys used by Personal Data Encryption to protect content to be lost, making any content protected with Personal Data Encryption inaccessible. After a destructive PIN reset, content protected with Personal Data Encryption must be recovered from a backup. For this reason, Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets
 - [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security) offers additional security when authenticating with Windows Hello for Business via biometrics or PIN
 
-## Windows out of box applications that support Personal Data Encryption
-
-Certain Windows applications support Personal Data Encryption out of the box. If Personal Data Encryption is enabled on a device, these applications will utilize Personal Data Encryption:
-
-| App name | Details |
-|-|-|
-| Mail | Supports protecting both email bodies and attachments|
-
 ## Next steps
 
 - Learn about the available options to configure Personal Data Encryption and how to configure them via Microsoft Intune or configuration Service Provider (CSP): [Personal Data Encryption settings and configuration](configure.md)

windows/security/operating-system-security/data-protection/personal-data-encryption/known-folders.md

@@ -7,9 +7,14 @@ ms.date: 09/24/2024
 
 # Personal Data Encryption for know folders
 
-Starting in Windows 11, version 24H2, Personal Data Encryption is further enhanced with Personal Data Encryption for known folders, which extends protection to the Windows folders: **Desktop**, **Documents**, and **Pictures**.
+:::row:::
-
+  :::column span="2":::
-:::image type="content" source="images/known-folders-pde.png" alt-text="Icons of the known folders with a padlock representing their encryption status.":::
+  Starting in Windows 11, version 24H2, Personal Data Encryption is further enhanced with *Personal Data Encryption for known folders*, which extends protection to the Windows folders: **Desktop**, **Documents**, and **Pictures**. This means that any files stored in these folders are automatically encrypted, providing an extra layer of security for commonly used directories.
+  :::column-end:::
+  :::column span="2":::
+  :::image type="content" source="images/pde-known-folders.png" alt-text="Icons of the known folders with a padlock representing their encryption status." border="false":::
+  :::column-end:::
+:::row-end:::
 
 ## Personal Data Encryption for know folders settings