deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 15:27:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' into patch-6

Browse Source
This commit is contained in:
Stephanie Savell 2022-12-19 13:41:02 -06:00 committed by GitHub
commit c2f1216ddd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
386 changed files with 755 additions and 410 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
View File

@ -1,7 +1,7 @@
---
author: aczechowski
ms.author: aaroncz
ms.date: 10/27/2022
ms.date: 12/16/2022
ms.reviewer: cathask
manager: aaroncz
ms.prod: ie11
@ -9,6 +9,8 @@ ms.topic: include
---
> [!WARNING]
> The retired, out-of-support Internet Explorer 11 (IE11) desktop application will be permanently disabled on certain versions of Windows 10 as part of the February 2023 Windows security update ("B") release scheduled for February 14, 2023. We highly recommend setting up IE mode in Microsoft Edge and disabling IE11 prior to this date to ensure your organization doesn't experience business disruption.
> **Update:** The retired, out-of-support Internet Explorer 11 desktop application is scheduled to be permanently disabled through a Microsoft Edge update on certain versions of Windows 10 on February 14, 2023.
>
> For more information, see [aka.ms/iemodefaq](https://aka.ms/iemodefaq).
> We highly recommend setting up IE mode in Microsoft Edge and disabling IE11 prior to this date to ensure your organization does not experience business disruption.
>
> For more information, see [Internet Explorer 11 desktop app retirement FAQ](https://aka.ms/iemodefaq).

46
education/includes/education-content-updates.md
View File

@ -2,51 +2,9 @@
## Week of September 19, 2022
## Week of December 12, 2022
| Published On |Topic title | Change |
|------|------------|--------|
| 9/20/2022 | [Education scenarios Microsoft Store for Education](/education/windows/education-scenarios-store-for-business) | modified |
## Week of September 12, 2022
| Published On |Topic title | Change |
|------|------------|--------|
| 9/13/2022 | [Chromebook migration guide (Windows 10)](/education/windows/chromebook-migration-guide) | modified |
| 9/14/2022 | [Windows 11 SE Overview](/education/windows/windows-11-se-overview) | modified |
| 9/14/2022 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | modified |
## Week of September 05, 2022
| Published On |Topic title | Change |
|------|------------|--------|
| 9/8/2022 | [Education scenarios Microsoft Store for Education](/education/windows/education-scenarios-store-for-business) | modified |
| 9/8/2022 | [Get Minecraft Education Edition](/education/windows/get-minecraft-for-education) | modified |
| 9/8/2022 | [For teachers get Minecraft Education Edition](/education/windows/teacher-get-minecraft) | modified |
| 9/9/2022 | [Take tests in Windows](/education/windows/take-tests-in-windows-10) | modified |
## Week of August 29, 2022
| Published On |Topic title | Change |
|------|------------|--------|
| 8/31/2022 | [Configure applications with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-apps) | added |
| 8/31/2022 | [Configure and secure devices with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-settings) | added |
| 8/31/2022 | [Configure devices with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-devices-overview) | added |
| 8/31/2022 | [Enrollment in Intune with standard out-of-box experience (OOBE)](/education/windows/tutorial-school-deployment/enroll-aadj) | added |
| 8/31/2022 | [Enrollment in Intune with Windows Autopilot](/education/windows/tutorial-school-deployment/enroll-autopilot) | added |
| 8/31/2022 | [Device enrollment overview](/education/windows/tutorial-school-deployment/enroll-overview) | added |
| 8/31/2022 | [Enrollment of Windows devices with provisioning packages](/education/windows/tutorial-school-deployment/enroll-package) | added |
| 8/31/2022 | [Introduction](/education/windows/tutorial-school-deployment/index) | added |
| 8/31/2022 | [Manage devices with Microsoft Intune](/education/windows/tutorial-school-deployment/manage-overview) | added |
| 8/31/2022 | [Management functionalities for Surface devices](/education/windows/tutorial-school-deployment/manage-surface-devices) | added |
| 8/31/2022 | [Reset and wipe Windows devices](/education/windows/tutorial-school-deployment/reset-wipe) | added |
| 8/31/2022 | [Set up Azure Active Directory](/education/windows/tutorial-school-deployment/set-up-azure-ad) | added |
| 8/31/2022 | [Set up device management](/education/windows/tutorial-school-deployment/set-up-microsoft-intune) | added |
| 8/31/2022 | [Troubleshoot Windows devices](/education/windows/tutorial-school-deployment/troubleshoot-overview) | added |
| 12/13/2022 | [Configure Stickers for Windows 11 SE](/education/windows/edu-stickers) | modified |

2
windows/client-management/mdm/healthattestation-csp.md
View File

@ -8,7 +8,7 @@ ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date:
ms.date: 4/5/2022
---
# Device HealthAttestation CSP

3
windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md
View File

@ -2,15 +2,14 @@
title: Don't Remove images under do/images/elixir_ux - used by Azure portal Diagnose/Solve feature UI
manager: aaroncz
description: Elixir images read me file
keywords: updates, downloads, network, bandwidth
ms.prod: windows-client
ms.mktglfcycl: deploy
audience: itpro
author: nidos
ms.localizationpriority: medium
ms.author: nidos
ms.topic: article
ms.date: 12/31/2017
ms.technology: itpro-updates
---
# Read Me

2
windows/deployment/do/mcc-enterprise-appendix.md
View File

@ -5,9 +5,9 @@ description: Appendix on Microsoft Connected Cache (MCC) for Enterprise and Educ
ms.prod: windows-client
author: amymzhou
ms.author: amyzhou
ms.localizationpriority: medium
ms.topic: article
ms.date: 12/31/2017
ms.technology: itpro-updates
---
# Appendix

2
windows/deployment/do/mcc-enterprise-deploy.md
View File

@ -4,10 +4,10 @@ manager: dougeby
description: How to deploy Microsoft Connected Cache (MCC) for Enterprise and Education cache node
ms.prod: windows-client
author: amymzhou
ms.localizationpriority: medium
ms.author: amyzhou
ms.topic: article
ms.date: 12/31/2017
ms.technology: itpro-updates
---
# Deploying your cache node

2
windows/deployment/do/mcc-enterprise-prerequisites.md
View File

@ -4,10 +4,10 @@ manager: dougeby
description: Overview of requirements for Microsoft Connected Cache (MCC) for Enterprise and Education.
ms.prod: windows-client
author: amymzhou
ms.localizationpriority: medium
ms.author: amyzhou
ms.topic: article
ms.date: 12/31/2017
ms.technology: itpro-updates
---
# Requirements of Microsoft Connected Cache for Enterprise and Education (early preview)

2
windows/deployment/do/mcc-enterprise-update-uninstall.md
View File

@ -4,10 +4,10 @@ manager: dougeby
description: Details on updating or uninstalling Microsoft Connected Cache (MCC) for Enterprise and Education.
ms.prod: windows-client
author: amymzhou
ms.localizationpriority: medium
ms.author: amyzhou
ms.topic: article
ms.date: 12/31/2017
ms.technology: itpro-updates
---
# Update or uninstall Microsoft Connected Cache for Enterprise and Education

5
windows/deployment/do/mcc-isp-cache-node-configuration.md
View File

@ -2,15 +2,12 @@
title: Cache node configuration
manager: aaroncz
description: Configuring a cache node on Azure portal
keywords: updates, downloads, network, bandwidth
ms.prod: windows-client
ms.mktglfcycl: deploy
audience: itpro
author: amyzhou
ms.localizationpriority: medium
ms.author: amyzhou
ms.topic: article
ms.date: 12/31/2017
ms.technology: itpro-updates
---
# Cache node configuration

5
windows/deployment/do/mcc-isp-create-provision-deploy.md
View File

@ -2,15 +2,12 @@
title: Create, provision, and deploy the cache node in Azure portal
manager: aaroncz
description: Instructions for creating, provisioning, and deploying Microsoft Connected Cache for ISP on Azure portal
keywords: updates, downloads, network, bandwidth
ms.prod: windows-client
ms.mktglfcycl: deploy
audience: itpro
author: nidos
ms.localizationpriority: medium
ms.author: nidos
ms.topic: article
ms.date: 12/31/2017
ms.technology: itpro-updates
---
# Create, Configure, provision, and deploy the cache node in Azure portal

8
windows/deployment/do/mcc-isp-faq.yml
View File

@ -2,23 +2,19 @@
metadata:
title: Microsoft Connected Cache Frequently Asked Questions
description: The following article is a list of frequently asked questions for Microsoft Connected Cache.
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: amymzhou
ms.author: amymzhou
manager: aaroncz
ms.collection:
- M365-security-compliance
- highpri
ms.topic: faq
ms.date: 09/30/2022
ms.prod: windows-client
ms.technology: itpro-updates
title: Microsoft Connected Cache Frequently Asked Questions
summary: |
**Applies to**
- Windows 10
- Windows 11
- Windows 10 and later
sections:
- name: Ignored

3
windows/deployment/do/mcc-isp-signup.md
View File

@ -2,15 +2,14 @@
title: Operator sign up and service onboarding
manager: aaroncz
description: Service onboarding for Microsoft Connected Cache for ISP
keywords: updates, downloads, network, bandwidth
ms.prod: windows-client
ms.mktglfcycl: deploy
audience: itpro
author: nidos
ms.localizationpriority: medium
ms.author: nidos
ms.topic: article
ms.date: 12/31/2017
ms.technology: itpro-updates
---
# Operator sign up and service onboarding for Microsoft Connected Cache

3
windows/deployment/do/mcc-isp-support.md
View File

@ -2,14 +2,13 @@
title: Support and troubleshooting
manager: aaroncz
description: Troubleshooting issues for Microsoft Connected Cache for ISP
keywords: updates, downloads, network, bandwidth
ms.prod: windows-client
audience: itpro
author: nidos
ms.localizationpriority: medium
ms.author: nidos
ms.topic: reference
ms.date: 12/31/2017
ms.technology: itpro-updates
---
# Support and troubleshooting

3
windows/deployment/do/mcc-isp-update.md
View File

@ -2,15 +2,14 @@
title: Update or uninstall your cache node
manager: aaroncz
description: How to update or uninstall your cache node
keywords: updates, downloads, network, bandwidth
ms.prod: windows-client
ms.mktglfcycl: deploy
audience: itpro
author: amyzhou
ms.localizationpriority: medium
ms.author: amyzhou
ms.topic: article
ms.date: 12/31/2017
ms.technology: itpro-updates
---
# Update or uninstall your cache node

3
windows/deployment/do/mcc-isp-verify-cache-node.md
View File

@ -4,13 +4,12 @@ manager: aaroncz
description: How to verify the functionality of a cache node
keywords: updates, downloads, network, bandwidth
ms.prod: windows-client
ms.mktglfcycl: deploy
audience: itpro
author: amyzhou
ms.localizationpriority: medium
ms.author: amyzhou
ms.topic: article
ms.date: 12/31/2017
ms.technology: itpro-updates
---
# Verify cache node functionality and monitor health and performance

5
windows/deployment/do/mcc-isp-vm-performance.md
View File

@ -2,14 +2,11 @@
title: Enhancing VM performance
manager: aaroncz
description: How to enhance performance on a virtual machine used with Microsoft Connected Cache for ISPs
keywords: updates, downloads, network, bandwidth
ms.prod: windows-client
ms.mktglfcycl: deploy
audience: itpro
author: amyzhou
ms.localizationpriority: medium
ms.author: amyzhou
ms.topic: reference
ms.technology: itpro-updates
ms.date: 12/31/2017
---

12
windows/deployment/do/waas-delivery-optimization-faq.yml
View File

@ -2,28 +2,20 @@
metadata:
title: Delivery Optimization Frequently Asked Questions
description: The following is a list of frequently asked questions for Delivery Optimization.
ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
ms.reviewer: aaroncz
ms.prod: windows-client
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: carmenf
ms.author: carmenf
manager: dougeby
audience: ITPro
ms.technology: itpro-updates
ms.collection:
- M365-security-compliance
- highpri
ms.topic: faq
ms.date: 08/04/2022
ms.custom: seo-marvel-apr2020
title: Delivery Optimization Frequently Asked Questions
summary: |
**Applies to**
- Windows 10
- Windows 11
- Windows 10 and later
sections:

3
windows/deployment/windows-10-subscription-activation.md
View File

@ -39,6 +39,9 @@ This article covers the following information:
For more information on how to deploy Enterprise licenses, see [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md).
> [!NOTE]
> Organizations that use the Subscription Activation feature to enable users to upgrade from one version of Windows to another might want to exclude the Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f, from their device compliance policy.
## Subscription activation for Enterprise
Windows Enterprise E3 and E5 are available as online services via subscription. You can deploy Windows Enterprise in your organization without keys and reboots.

1
windows/deployment/windows-autopatch/index.yml
View File

@ -13,6 +13,7 @@ metadata:
ms.date: 05/30/2022 #Required; mm/dd/yyyy format.
ms.custom: intro-hub-or-landing
ms.prod: windows-client
ms.technology: itpro-updates
ms.collection:
- highpri

1
windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
View File

@ -11,6 +11,7 @@ metadata:
author: tiaraquan
ms.author: tiaraquan
ms.reviwer: hathind
ms.technology: itpro-updates
title: Frequently Asked Questions about Windows Autopatch
summary: This article answers frequently asked questions about Windows Autopatch.
sections:

4
windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
View File

@ -11,9 +11,9 @@ appliesto:
# Deploy certificates for remote desktop (RDP) sign-in
This document describes Windows Hello for Business functionalities or scenarios that apply to:\
This document describes Windows Hello for Business functionalities or scenarios that apply to:
- **Deployment type:** [!INCLUDE [hybrid](../../includes/hello-deployment-hybrid.md)]
- **Trust type:** [!INCLUDE [cloud-kerberos](../../includes/hello-trust-cloud-kerberos.md)],[!INCLUDE [key](../../includes/hello-trust-key.md)]
- **Trust type:** [!INCLUDE [cloud-kerberos](../../includes/hello-trust-cloud-kerberos.md)], [!INCLUDE [key](../../includes/hello-trust-key.md)]
- **Join type:** [!INCLUDE [hello-join-aadj](../../includes/hello-join-aad.md)], [!INCLUDE [hello-join-hybrid](../../includes/hello-join-hybrid.md)]
---

1
windows/security/identity-protection/hello-for-business/hello-faq.yml
View File

@ -13,7 +13,6 @@ metadata:
manager: aaroncz
ms.reviewer: prsriva
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: faq
localizationpriority: medium

1
windows/security/identity-protection/hello-for-business/index.yml
View File

@ -15,7 +15,6 @@ metadata:
ms.reviewer: prsriva
ms.date: 01/22/2021
ms.collection:
- M365-identity-device-management
- highpri
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | whats-new

1
windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
View File

@ -12,6 +12,7 @@ appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
ms.technology: itpro-security
ms.topic: how-to
---
# How to configure Diffie Hellman protocol over IKEv2 VPN connections

1
windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
View File

@ -11,6 +11,7 @@ appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
ms.technology: itpro-security
ms.topic: how-to
---
# How to use Single Sign-On (SSO) over VPN and Wi-Fi connections

1
windows/security/identity-protection/vpn/vpn-authentication.md
View File

@ -12,6 +12,7 @@ appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
ms.technology: itpro-security
ms.topic: conceptual
---
# VPN authentication options

1
windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
View File

@ -12,6 +12,7 @@ appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
ms.technology: itpro-security
ms.topic: conceptual
---
# VPN auto-triggered profile options

1
windows/security/identity-protection/vpn/vpn-conditional-access.md
View File

@ -12,6 +12,7 @@ appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
ms.technology: itpro-security
ms.topic: conceptual
---
# VPN and conditional access

1
windows/security/identity-protection/vpn/vpn-connection-type.md
View File

@ -12,6 +12,7 @@ appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
ms.technology: itpro-security
ms.topic: conceptual
---
# VPN connection types

1
windows/security/identity-protection/vpn/vpn-guide.md
View File

@ -12,6 +12,7 @@ appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
ms.technology: itpro-security
ms.topic: conceptual
---
# Windows VPN technical guide

1
windows/security/identity-protection/vpn/vpn-name-resolution.md
View File

@ -12,6 +12,7 @@ appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
ms.technology: itpro-security
ms.topic: conceptual
---
# VPN name resolution

1
windows/security/identity-protection/vpn/vpn-profile-options.md
View File

@ -12,6 +12,7 @@ appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
ms.technology: itpro-security
ms.topic: conceptual
---
# VPN profile options

1
windows/security/identity-protection/vpn/vpn-routing.md
View File

@ -12,6 +12,7 @@ appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
ms.technology: itpro-security
ms.topic: conceptual
---
# VPN routing decisions

1
windows/security/identity-protection/vpn/vpn-security-features.md
View File

@ -12,6 +12,7 @@ appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
ms.technology: itpro-security
ms.topic: conceptual
---
# VPN security features

1
windows/security/index.yml
View File

@ -10,7 +10,6 @@ metadata:
ms.prod: windows-client
ms.technology: itpro-security
ms.collection:
- m365-security-compliance
- highpri
ms.custom: intro-hub-or-landing
author: paolomatarazzo

11
windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml
View File

@ -2,19 +2,13 @@
metadata:
title: BitLocker and Active Directory Domain Services (AD DS) FAQ (Windows 10)
description: Learn more about how BitLocker and Active Directory Domain Services (AD DS) can work together to keep devices secure.
ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
ms.prod: windows-client
ms.technology: itpro-security
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: frankroj
ms.author: frankroj
manager: aaroncz
audience: ITPro
ms.collection:
- M365-security-compliance
- highpri
ms.topic: faq
ms.date: 11/08/2022
@ -22,9 +16,8 @@ metadata:
title: BitLocker and Active Directory Domain Services (AD DS) FAQ
summary: |
**Applies to:**
- Windows 10
- Windows 11
- Windows Server 2016 and above
- Windows 10 and later
- Windows Server 2016 and later

13
windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml
View File

@ -2,28 +2,19 @@
metadata:
title: BitLocker deployment and administration FAQ (Windows 10)
description: Browse frequently asked questions about BitLocker deployment and administration, such as, "Can BitLocker deployment be automated in an enterprise environment?"
ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
ms.reviewer:
ms.prod: windows-client
ms.technology: itpro-security
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: frankroj
ms.author: frankroj
manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: faq
ms.date: 11/08/2022
ms.custom: bitlocker
title: BitLocker frequently asked questions (FAQ)
summary: |
**Applies to:**
- Windows 10
- Windows 11
- Windows Server 2016 and above
- Windows 10 and later
- Windows Server 2016 and later
sections:

12
windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml
View File

@ -2,20 +2,13 @@
metadata:
title: BitLocker FAQ (Windows 10)
description: Find the answers you need by exploring this brief hub page listing FAQ pages for various aspects of BitLocker.
ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
ms.reviewer:
ms.prod: windows-client
ms.technology: itpro-security
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: frankroj
ms.author: frankroj
manager: aaroncz
audience: ITPro
ms.collection:
- M365-security-compliance
- highpri
ms.topic: faq
ms.date: 11/08/2022
@ -23,9 +16,8 @@ metadata:
title: BitLocker frequently asked questions (FAQ) resources
summary: |
**Applies to:**
- Windows 10
- Windows 11
- Windows Server 2016 and above
- Windows 10 and later
- Windows Server 2016 and later
This article links to frequently asked questions about BitLocker. BitLocker is a data protection feature that encrypts drives on computers to help prevent data theft or exposure. BitLocker-protected computers can also delete data more securely when they're decommissioned because it's much more difficult to recover deleted data from an encrypted drive than from a non-encrypted drive.

11
windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml
View File

@ -2,27 +2,20 @@
metadata:
title: BitLocker Key Management FAQ (Windows 10)
description: Browse frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.
ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
ms.prod: windows-client
ms.technology: itpro-security
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: frankroj
ms.author: frankroj
manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: faq
ms.date: 11/08/2022
ms.custom: bitlocker
title: BitLocker Key Management FAQ
summary: |
**Applies to:**
- Windows 10
- Windows 11
- Windows Server 2016 and above
- Windows 10 and later
- Windows Server 2016 and later
sections:

5
windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml
View File

@ -4,15 +4,10 @@ metadata:
description: Familiarize yourself with BitLocker Network Unlock. Learn how it can make desktop and server management easier within domain environments.
ms.prod: windows-client
ms.technology: itpro-security
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: frankroj
ms.author: frankroj
manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: faq
ms.date: 11/08/2022
ms.reviewer:

11
windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml
View File

@ -2,19 +2,13 @@
metadata:
title: BitLocker overview and requirements FAQ (Windows 10)
description: This article for IT professionals answers frequently asked questions concerning the requirements to use BitLocker.
ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
ms.prod: windows-client
ms.technology: itpro-security
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: frankroj
ms.author: frankroj
manager: aaroncz
audience: ITPro
ms.collection:
- M365-security-compliance
- highpri
ms.topic: faq
ms.date: 11/08/2022
@ -22,9 +16,8 @@ metadata:
title: BitLocker Overview and Requirements FAQ
summary: |
**Applies to:**
- Windows 10
- Windows 11
- Windows Server 2016 and above
- Windows 10 and later
- Windows Server 2016 and later
sections:

13
windows/security/information-protection/bitlocker/bitlocker-security-faq.yml
View File

@ -1,28 +1,21 @@
### YamlMime:FAQ
metadata:
title: BitLocker Security FAQ (Windows 10)
title: BitLocker Security FAQ
description: Learn more about how BitLocker security works. Browse frequently asked questions, such as, "What form of encryption does BitLocker use?"
ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
ms.prod: windows-client
ms.technology: itpro-security
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: frankroj
ms.author: frankroj
manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: faq
ms.date: 11/08/2022
ms.custom: bitlocker
title: BitLocker Security FAQ
summary: |
**Applies to:**
- Windows 10
- Windows 11
- Windows Server 2016 and above
- Windows 10 and later
- Windows Server 2016 and later

8
windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml
View File

@ -1,19 +1,13 @@
### YamlMime:FAQ
metadata:
title: BitLocker To Go FAQ (Windows 10)
title: BitLocker To Go FAQ
description: "Learn more about BitLocker To Go"
ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
ms.prod: windows-client
ms.technology: itpro-security
ms.author: frankroj
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: frankroj
manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: faq
ms.date: 11/08/2022
ms.custom: bitlocker

13
windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml
View File

@ -1,18 +1,12 @@
### YamlMime:FAQ
metadata:
title: BitLocker Upgrading FAQ (Windows 10)
title: BitLocker Upgrading FAQ
description: Learn more about upgrading systems that have BitLocker enabled. Find frequently asked questions, such as, "Can I upgrade to Windows 10 with BitLocker enabled?"
ms.prod: windows-client
ms.technology: itpro-security
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: frankroj
ms.author: frankroj
manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: faq
ms.date: 11/08/2022
ms.reviewer:
@ -20,9 +14,8 @@ metadata:
title: BitLocker Upgrading FAQ
summary: |
**Applies to:**
- Windows 10
- Windows 11
- Windows Server 2016 and above
- Windows 10 and later
- Windows Server 2016 and later
sections:

15
windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml
View File

@ -1,28 +1,19 @@
### YamlMime:FAQ
metadata:
title: Using BitLocker with other programs FAQ (Windows 10)
title: Using BitLocker with other programs FAQ
description: Learn how to integrate BitLocker with other software on a device.
ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
ms.prod: windows-client
ms.technology: itpro-security
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: frankroj
ms.author: frankroj
manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: faq
ms.date: 11/08/2022
ms.custom: bitlocker
title: Using BitLocker with other programs FAQ
summary: |
**Applies to:**
- Windows 10
- Windows 11
- Windows Server 2016 and above
- Windows 10 and later
- Windows Server 2016 and later
sections:

1
windows/security/information-protection/encrypted-hard-drive.md
View File

@ -8,6 +8,7 @@ ms.prod: windows-client
author: frankroj
ms.date: 11/08/2022
ms.technology: itpro-security
ms.topic: conceptual
---
# Encrypted Hard Drive

218
windows/security/information-protection/personal-data-encryption/configure-pde-in-intune.md
View File

@ -3,16 +3,17 @@ title: Configure Personal Data Encryption (PDE) in Intune
description: Configuring and enabling Personal Data Encryption (PDE) required and recommended policies in Intune
author: frankroj
ms.author: frankroj
ms.reviewer: rafals
ms.reviewer: rhonnegowda
manager: aaroncz
ms.topic: how-to
ms.prod: windows-client
ms.technology: itpro-security
ms.localizationpriority: medium
ms.date: 09/22/2022
ms.date: 12/13/2022
---
<!-- Max 5963468 OS 32516487 -->
<!-- Max 6946251 -->
# Configure Personal Data Encryption (PDE) policies in Intune
@ -20,104 +21,243 @@ ms.date: 09/22/2022
### Enable Personal Data Encryption (PDE)
1. Sign into the Intune
1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Navigate to **Devices** > **Configuration Profiles**
3. Select **Create profile**
4. Under **Platform**, select **Windows 10 and later**
5. Under **Profile type**, select **Templates**
6. Under **Template name**, select **Custom**, and then select **Create**
7. On the ****Basics** tab:
7. In **Basics**:
1. Next to **Name**, enter **Personal Data Encryption**
2. Next to **Description**, enter a description
2. Next to **Description**, enter a description
8. Select **Next**
9. On the **Configuration settings** tab, select **Add**
10. In the **Add Row** window:
9. In **Configuration settings**, select **Add**
10. In **Add Row**:
1. Next to **Name**, enter **Personal Data Encryption**
2. Next to **Description**, enter a description
3. Next to **OMA-URI**, enter in **./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption**
4. Next to **Data type**, select **Integer**
5. Next to **Value**, enter in **1**
11. Select **Save**, and then select **Next**
12. On the **Assignments** tab:
12. In **Assignments**:
1. Under **Included groups**, select **Add groups**
2. Select the groups that the PDE policy should be deployed to
3. Select **Select**
4. Select **Next**
13. On the **Applicability Rules** tab, configure if necessary and then select **Next**
14. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create**
#### Disable Winlogon automatic restart sign-on (ARSO)
13. In **Applicability Rules**, configure if necessary and then select **Next**
14. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create**
### Disable Winlogon automatic restart sign-on (ARSO)
1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Sign into the Intune
2. Navigate to **Devices** > **Configuration Profiles**
3. Select **Create profile**
4. Under **Platform**, select **Windows 10 and later**
5. Under **Profile type**, select **Templates**
6. Under **Template name**, select **Administrative templates**, and then select **Create**
7. On the ****Basics** tab:
7. In **Basics**:
1. Next to **Name**, enter **Disable ARSO**
2. Next to **Description**, enter a description
8. Select **Next**
9. On the **Configuration settings** tab, under **Computer Configuration**, navigate to **Windows Components** > **Windows Logon Options**
9. In **Configuration settings**, under **Computer Configuration**, navigate to **Windows Components** > **Windows Logon Options**
10. Select **Sign-in and lock last interactive user automatically after a restart**
11. In the **Sign-in and lock last interactive user automatically after a restart** window that opens, select **Disabled**, and then select **OK**
12. Select **Next**
13. On the **Scope tags** tab, configure if necessary and then select **Next**
12. On the **Assignments** tab:
13. In **Scope tags**, configure if necessary and then select **Next**
14. In **Assignments**:
1. Under **Included groups**, select **Add groups**
2. Select the groups that the ARSO policy should be deployed to
3. Select **Select**
4. Select **Next**
13. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create**
## Recommended prerequisites
15. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create**
#### Disable crash dumps
## Security hardening recommendations
### Disable kernel-mode crash dumps and live dumps
1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Sign into the Intune
2. Navigate to **Devices** > **Configuration Profiles**
3. Select **Create profile**
4. Under **Platform**, select **Windows 10 and later**
5. Under **Profile type**, select **Settings catalog**, and then select **Create**
6. On the ****Basics** tab:
1. Next to **Name**, enter **Disable Hibernation**
6. In **Basics**:
1. Next to **Name**, enter **Disable Kernel-Mode Crash Dumps**
2. Next to **Description**, enter a description
7. Select **Next**
8. On the **Configuration settings** tab, select **Add settings**
9. In the **Settings picker** windows, select **Memory Dump**
10. When the settings appear in the lower pane, under **Setting name**, select both **Allow Crash Dump** and **Allow Live Dump**, and then select the **X** in the top right corner of the **Settings picker** window to close the window
8. In **Configuration settings**, select **Add settings**
9. In the **Settings picker** window, under **Browse by category**, select **Memory Dump**
10. When the settings appear under **Setting name**, select both **Allow Crash Dump** and **Allow Live Dump**, and then select the **X** in the top right corner of the **Settings picker** window to close the window
11. Change both **Allow Live Dump** and **Allow Crash Dump** to **Block**, and then select **Next**
12. On the **Scope tags** tab, configure if necessary and then select **Next**
13. On the **Assignments** tab:
12. In **Scope tags**, configure if necessary and then select **Next**
13. In **Assignments**:
1. Under **Included groups**, select **Add groups**
2. Select the groups that the crash dumps policy should be deployed to
2. Select the groups that the disable crash dumps policy should be deployed to
3. Select **Select**
4. Select **Next**
14. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create**
#### Disable hibernation
14. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create**
### Disable Windows Error Reporting (WER)/Disable user-mode crash dumps
1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Sign into the Intune
2. Navigate to **Devices** > **Configuration Profiles**
3. Select **Create profile**
4. Under **Platform**, select **Windows 10 and later**
5. Under **Profile type**, select **Settings catalog**, and then select **Create**
6. On the ****Basics** tab:
6. In **Basics**:
1. Next to **Name**, enter **Disable Windows Error Reporting (WER)**
2. Next to **Description**, enter a description
7. Select **Next**
8. In **Configuration settings**, select **Add settings**
9. In the **Settings picker** window, under **Browse by category**, expand to **Administrative Templates** > **Windows Components**, and then select **Windows Error Reporting**
10. When the settings appear under **Setting name**, select **Disable Windows Error Reporting**, and then select the **X** in the top right corner of the **Settings picker** window to close the window
11. Change **Disable Windows Error Reporting** to **Enabled**, and then select **Next**
12. In **Scope tags**, configure if necessary and then select **Next**
13. In **Assignments**:
1. Under **Included groups**, select **Add groups**
2. Select the groups that the disable WER dumps policy should be deployed to
3. Select **Select**
4. Select **Next**
14. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create**
### Disable hibernation
1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Navigate to **Devices** > **Configuration Profiles**
3. Select **Create profile**
4. Under **Platform**, select **Windows 10 and later**
5. Under **Profile type**, select **Settings catalog**, and then select **Create**
6. In **Basics**:
1. Next to **Name**, enter **Disable Hibernation**
2. Next to **Description**, enter a description
7. Select **Next**
8. On the **Configuration settings** tab, select **Add settings**
9. In the **Settings picker** windows, select **Power**
10. When the settings appear in the lower pane, under **Setting name**, select **Allow Hibernate**, and then select the **X** in the top right corner of the **Settings picker** window to close the window
8. In **Configuration settings**, select **Add settings**
9. In the **Settings picker** window, under **Browse by category**, select **Power**
10. When the settings appear under **Setting name**, select **Allow Hibernate**, and then select the **X** in the top right corner of the **Settings picker** window to close the window
11. Change **Allow Hibernate** to **Block**, and then select **Next**
12. On the **Scope tags** tab, configure if necessary and then select **Next**
13. On the **Assignments** tab:
12. In **Scope tags**, configure if necessary and then select **Next**
13. In **Assignments**:
1. Under **Included groups**, select **Add groups**
2. Select the groups that the hibernation policy should be deployed to
2. Select the groups that the disable hibernation policy should be deployed to
3. Select **Select**
4. Select **Next**
14. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create**
14. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create**
### Disable allowing users to select when a password is required when resuming from connected standby
1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Navigate to **Devices** > **Configuration Profiles**
3. Select **Create profile**
4. Under **Platform**, select **Windows 10 and later**
5. Under **Profile type**, select **Settings catalog**, and then select **Create**
6. In **Basics**:
1. Next to **Name**, enter **Disable allowing users to select when a password is required when resuming from connected standby**
2. Next to **Description**, enter a description
7. Select **Next**
8. In **Configuration settings**, select **Add settings**
9. In the **Settings picker** window, under **Browse by category**, expand to **Administrative Templates** > **System**, and then select **Logon**
10. When the settings appear under **Setting name**, select **Allow users to select when a password is required when resuming from connected standby**, and then select the **X** in the top right corner of the **Settings picker** window to close the window
11. Make sure that **Allow users to select when a password is required when resuming from connected standby** is left at the default of **Disabled**, and then select **Next**
12. In **Scope tags**, configure if necessary and then select **Next**
13. In **Assignments**:
1. Under **Included groups**, select **Add groups**
2. Select the groups that the disable Allow users to select when a password is required when resuming from connected standby policy should be deployed to
3. Select **Select**
4. Select **Next**
14. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create**
## See also
- [Personal Data Encryption (PDE)](overview-pde.md)
- [Personal Data Encryption (PDE) FAQ](faq-pde.yml)

46
windows/security/information-protection/personal-data-encryption/faq-pde.yml
View File

@ -5,13 +5,16 @@ metadata:
description: Answers to common questions regarding Personal Data Encryption (PDE).
author: frankroj
ms.author: frankroj
ms.reviewer: rafals
ms.reviewer: rhonnegowda
manager: aaroncz
ms.topic: faq
ms.prod: windows-client
ms.technology: itpro-security
ms.localizationpriority: medium
ms.date: 09/22/2022
ms.date: 12/13/2022
# Max 5963468 OS 32516487
# Max 6946251
title: Frequently asked questions for Personal Data Encryption (PDE)
summary: |
@ -22,53 +25,58 @@ sections:
questions:
- question: Can PDE encrypt entire volumes or drives?
answer: |
No. PDE only encrypts specified files.
No. PDE only encrypts specified files and content.
- question: Is PDE a replacement for BitLocker?
answer: |
No. It's still recommended to encrypt all volumes with BitLocker Drive Encryption for increased security.
- question: Can an IT admin specify which files should be encrypted?
- question: How are files and content protected by PDE selected?
answer: |
Yes, but it can only be done using the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager).
[PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager) are used to select which files and content are protected using PDE.
- question: Do I need to use OneDrive as my backup provider?
- question: Do I need to use OneDrive in Microsoft 365 as my backup provider?
answer: |
No. PDE doesn't have a requirement for a backup provider including OneDrive. However, backups are strongly recommended in case the keys used by PDE to decrypt files are lost. OneDrive is a recommended backup provider.
No. PDE doesn't have a requirement for a backup provider, including OneDrive in Microsoft 365. However, backups are recommended in case the keys used by PDE to protect files are lost. OneDrive in Microsoft 365 is a recommended backup provider.
- question: What is the relation between Windows Hello for Business and PDE?
answer: |
During user sign-on, Windows Hello for Business unlocks the keys that PDE uses to decrypt files.
During user sign-on, Windows Hello for Business unlocks the keys that PDE uses to protect content.
- question: Can a file be encrypted with both PDE and EFS at the same time?
- question: Can a file be protected with both PDE and EFS at the same time?
answer: |
No. PDE and EFS are mutually exclusive.
- question: Can PDE encrypted files be accessed after signing on via a Remote Desktop connection (RDP)?
- question: Can PDE protected content be accessed after signing on via a Remote Desktop connection (RDP)?
answer: |
No. Accessing PDE encrypted files over RDP isn't currently supported.
No. Accessing PDE protected content over RDP isn't currently supported.
- question: Can PDE encrypted files be access via a network share?
- question: Can PDE protected content be accessed via a network share?
answer: |
No. PDE encrypted files can only be accessed after signing on locally to Windows with Windows Hello for Business credentials.
No. PDE protected content can only be accessed after signing on locally to Windows with Windows Hello for Business credentials.
- question: How can it be determined if a file is encrypted with PDE?
- question: How can it be determined if a file is protected with PDE?
answer: |
Encrypted files will show a padlock on the file's icon. Additionally, `cipher.exe` can be used to show the encryption state of the file.
- Files protected with PDE and EFS will both show a padlock on the file's icon. To verify whether a file is protected with PDE vs. EFS:
1. In the properties of the file, navigate to **General** > **Advanced**. The option **Encrypt contents to secure data** should be selected.
2. Select the **Details** button.
3. If the file is protected with PDE, under **Protection status:**, the item **Personal Data Encryption is:** will be marked as **On**.
- [`cipher.exe`](/windows-server/administration/windows-commands/cipher) can also be used to show the encryption state of the file.
- question: Can users manually encrypt and decrypt files with PDE?
answer: |
Currently users can decrypt files manually but they can't encrypt files manually.
Currently users can decrypt files manually but they can't encrypt files manually. For information on how a user can manually decrypt a file, see the section **Disable PDE and decrypt files** in [Personal Data Encryption (PDE)](overview-pde.md).
- question: If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their PDE encrypted files?
- question: If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their PDE protected content?
answer: |
No. The keys used by PDE to decrypt files are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics.
No. The keys used by PDE to protect content are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics.
- question: What encryption method and strength does PDE use?
answer: |
PDE uses AES-CBC with a 256-bit key to encrypt files
PDE uses AES-CBC with a 256-bit key to encrypt content.
additionalContent: |
## See also
- [Personal Data Encryption (PDE)](overview-pde.md)
- [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md)

15
windows/security/information-protection/personal-data-encryption/includes/pde-description.md
View File

@ -4,24 +4,25 @@ description: Personal Data Encryption (PDE) description include file
author: frankroj
ms.author: frankroj
ms.reviewer: rafals
ms.reviewer: rhonnegowda
manager: aaroncz
ms.topic: how-to
ms.prod: windows-client
ms.technology: itpro-security
ms.localizationpriority: medium
ms.date: 09/22/2022
ms.date: 12/13/2022
---
<!-- Max 5963468 OS 32516487 -->
<!-- Max 6946251 -->
Personal data encryption (PDE) is a security feature introduced in Windows 11, version 22H2 that provides additional encryption features to Windows. PDE differs from BitLocker in that it encrypts individual files instead of whole volumes and disks. PDE occurs in addition to other encryption methods such as BitLocker.
Personal data encryption (PDE) is a security feature introduced in Windows 11, version 22H2 that provides additional encryption features to Windows. PDE differs from BitLocker in that it encrypts individual files and content instead of whole volumes and disks. PDE occurs in addition to other encryption methods such as BitLocker.
PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. This feature can minimize the number of credentials the user has to remember to gain access to files. For example, when using BitLocker with PIN, a user would need to authenticate twice - once with the BitLocker PIN and a second time with Windows credentials. This requirement requires users to remember two different credentials. With PDE, users only need to enter one set of credentials via Windows Hello for Business.
PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. This feature can minimize the number of credentials the user has to remember to gain access to content. For example, when using BitLocker with PIN, a user would need to authenticate twice - once with the BitLocker PIN and a second time with Windows credentials. This requirement requires users to remember two different credentials. With PDE, users only need to enter one set of credentials via Windows Hello for Business.
PDE is also accessibility friendly. For example, The BitLocker PIN entry screen doesn't have accessibility options. PDE however uses Windows Hello for Business, which does have accessibility features.
Because PDE utilizes Windows Hello for Business, PDE is also accessibility friendly due to the accessibility features available when using Windows Hello for Business.
Unlike BitLocker that releases data encryption keys at boot, PDE doesn't release data encryption keys until a user signs in using Windows Hello for Business. Users will only be able to access their PDE encrypted files once they've signed into Windows using Windows Hello for Business. Additionally, PDE has the ability to also discard the encryption keys when the device is locked.
Unlike BitLocker that releases data encryption keys at boot, PDE doesn't release data encryption keys until a user signs in using Windows Hello for Business. Users will only be able to access their PDE protected content once they've signed into Windows using Windows Hello for Business. Additionally, PDE has the ability to also discard the encryption keys when the device is locked.
> [!NOTE]
> PDE is currently only available to developers via [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). There is no user interface in Windows to either enable PDE or encrypt files via PDE. Also, although there is an MDM policy that can enable PDE, there are no MDM policies that can be used to encrypt files via PDE.
> PDE can be enabled using MDM policies. The content to be protected by PDE can be specified using [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). There is no user interface in Windows to either enable PDE or protect content using PDE.

186
windows/security/information-protection/personal-data-encryption/overview-pde.md
View File

@ -3,75 +3,123 @@ title: Personal Data Encryption (PDE)
description: Personal Data Encryption unlocks user encrypted files at user sign-in instead of at boot.
author: frankroj
ms.author: frankroj
ms.reviewer: rafals
ms.reviewer: rhonnegowda
manager: aaroncz
ms.topic: how-to
ms.prod: windows-client
ms.technology: itpro-security
ms.localizationpriority: medium
ms.date: 09/22/2022
ms.date: 12/13/2022
---
<!-- Max 5963468 OS 32516487 -->
<!-- Max 6946251 -->
# Personal Data Encryption (PDE)
(*Applies to: Windows 11, version 22H2 and later Enterprise and Education editions*)
**Applies to:**
- Windows 11, version 22H2 and later Enterprise and Education editions
[!INCLUDE [Personal Data Encryption (PDE) description](includes/pde-description.md)]
## Prerequisites
### **Required**
- [Azure AD joined device](/azure/active-directory/devices/concept-azure-ad-join)
- [Windows Hello for Business](../../identity-protection/hello-for-business/hello-overview.md)
- Windows 11, version 22H2 and later Enterprise and Education editions
### Required
### **Not supported with PDE**
- [FIDO/security key authentication](../../identity-protection/hello-for-business/microsoft-compatible-security-key.md)
- [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-)
- For information on disabling ARSO via Intune, see [Disable Winlogon automatic restart sign-on (ARSO)](configure-pde-in-intune.md#disable-winlogon-automatic-restart-sign-on-arso)).
- [Windows Information Protection (WIP)](../windows-information-protection/protect-enterprise-data-using-wip.md)
- [Hybrid Azure AD joined devices](/azure/active-directory/devices/concept-azure-ad-join-hybrid)
- Remote Desktop connections
- [Azure AD joined device](/azure/active-directory/devices/concept-azure-ad-join)
- [Windows Hello for Business](../../identity-protection/hello-for-business/hello-overview.md)
- Windows 11, version 22H2 and later Enterprise and Education editions
### **Highly recommended**
- [BitLocker Drive Encryption](../bitlocker/bitlocker-overview.md) enabled
- Although PDE will work without BitLocker, it's recommended to also enable BitLocker. PDE is meant to supplement BitLocker and not replace it.
- Backup solution such as [OneDrive](/onedrive/onedrive)
- In certain scenarios such as TPM resets or destructive PIN resets, the keys used by PDE to decrypt files can be lost. In such scenarios, any file encrypted with PDE will no longer be accessible. The only way to recover such files would be from backup.
- [Windows Hello for Business PIN reset service](../../identity-protection/hello-for-business/hello-feature-pin-reset.md)
- Destructive PIN resets will cause keys used by PDE to decrypt files to be lost. The destructive PIN reset will make any file encrypted with PDE no longer accessible after a destructive PIN reset. Files encrypted with PDE will need to be recovered from a backup after a destructive PIN reset. For this reason Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets.
- [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)
- Provides additional security when authenticating with Windows Hello for Business via biometrics or PIN
- [Kernel and user mode crash dumps disabled](/windows/client-management/mdm/policy-csp-memorydump)
- Crash dumps can potentially cause the keys used by PDE decrypt files to be exposed. For greatest security, disable kernel and user mode crash dumps. For information on disabling crash dumbs via Intune, see [Disable crash dumps](configure-pde-in-intune.md#disable-crash-dumps).
- [Hibernation disabled](/windows/client-management/mdm/policy-csp-power#power-allowhibernate)
- Hibernation files can potentially cause the keys used by PDE to decrypt files to be exposed. For greatest security, disable hibernation. For information on disabling crash dumbs via Intune, see [Disable hibernation](configure-pde-in-intune.md#disable-hibernation).
### Not supported with PDE
- [FIDO/security key authentication](../../identity-protection/hello-for-business/microsoft-compatible-security-key.md)
- [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-)
- For information on disabling ARSO via Intune, see [Disable Winlogon automatic restart sign-on (ARSO)](configure-pde-in-intune.md#disable-winlogon-automatic-restart-sign-on-arso)).
- [Windows Information Protection (WIP)](../windows-information-protection/protect-enterprise-data-using-wip.md)
- [Hybrid Azure AD joined devices](/azure/active-directory/devices/concept-azure-ad-join-hybrid)
- Remote Desktop connections
### Security hardening recommendations
- [Kernel-mode crash dumps and live dumps disabled](/windows/client-management/mdm/policy-csp-memorydump#memorydump-policies)
Kernel-mode crash dumps and live dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable kernel-mode crash dumps and live dumps. For information on disabling crash dumps and live dumps via Intune, see [Disable kernel-mode crash dumps and live dumps](configure-pde-in-intune.md#disable-kernel-mode-crash-dumps-and-live-dumps).
- [Windows Error Reporting (WER) disabled/User-mode crash dumps disabled](/windows/client-management/mdm/policy-csp-errorreporting#errorreporting-disablewindowserrorreporting)
Disabling Windows Error Reporting prevents user-mode crash dumps. User-mode crash dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable user-mode crash dumps. For information on disabling crash dumbs via Intune, see [Disable Windows Error Reporting (WER)/Disable user-mode crash dumps](configure-pde-in-intune.md#disable-windows-error-reporting-werdisable-user-mode-crash-dumps).
- [Hibernation disabled](/windows/client-management/mdm/policy-csp-power#power-allowhibernate)
Hibernation files can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable hibernation. For information on disabling crash dumbs via Intune, see [Disable hibernation](configure-pde-in-intune.md#disable-hibernation).
- [Allowing users to select when a password is required when resuming from connected standby disabled](/windows/client-management/mdm/policy-csp-admx-credentialproviders#admx-credentialproviders-allowdomaindelaylock)
When this policy isn't configured, the outcome between on-premises Active Directory joined devices and workgroup devices, including native Azure Active Directory joined devices, is different:
- On-premises Active Directory joined devices:
- A user can't change the amount of time after the device´s screen turns off before a password is required when waking the device.
- A password is required immediately after the screen turns off.
The above is the desired outcome, but PDE isn't supported with on-premises Active Directory joined devices.
- Workgroup devices, including native Azure AD joined devices:
- A user on a Connected Standby device can change the amount of time after the device´s screen turns off before a password is required to wake the device.
- During the time when the screen turns off but a password isn't required, the keys used by PDE to protect content could potentially be exposed. This outcome isn't a desired outcome.
Because of this undesired outcome, it's recommended to explicitly disable this policy on native Azure AD joined devices instead of leaving it at the default of not configured.
For information on disabling this policy via Intune, see [Disable allowing users to select when a password is required when resuming from connected standby](configure-pde-in-intune.md#disable-allowing-users-to-select-when-a-password-is-required-when-resuming-from-connected-standby).
### Highly recommended
- [BitLocker Drive Encryption](../bitlocker/bitlocker-overview.md) enabled
Although PDE will work without BitLocker, it's recommended to also enable BitLocker. PDE is meant to work alongside BitLocker for increased security. PDE isn't a replacement for BitLocker.
- Backup solution such as [OneDrive in Microsoft 365](/sharepoint/onedrive-overview)
In certain scenarios such as TPM resets or destructive PIN resets, the keys used by PDE to protect content will be lost. In such scenarios, any content protected with PDE will no longer be accessible. The only way to recover such content would be from backup.
- [Windows Hello for Business PIN reset service](../../identity-protection/hello-for-business/hello-feature-pin-reset.md)
Destructive PIN resets will cause keys used by PDE to protect content to be lost. The destructive PIN reset will make any content protected with PDE no longer accessible after a destructive PIN reset. Content protected with PDE will need to be recovered from a backup after a destructive PIN reset. For this reason Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets.
- [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)
Provides additional security when authenticating with Windows Hello for Business via biometrics or PIN
## PDE protection levels
PDE uses AES-CBC with a 256-bit key to encrypt files and offers two levels of protection. The level of protection is determined based on the organizational needs. These levels can be set via the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager).
PDE uses AES-CBC with a 256-bit key to protect content and offers two levels of protection. The level of protection is determined based on the organizational needs. These levels can be set via the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager).
| Item | Level 1 | Level 2 |
|---|---|---|
| Data is accessible when user is signed in | Yes | Yes |
| Data is accessible when user has locked their device | Yes | No |
| Data is accessible after user signs out | No | No |
| Data is accessible when device is shut down | No | No |
| Decryption keys discarded | After user signs out | After user locks device or signs out |
| PDE protected data accessible when user has signed in via Windows Hello for Business | Yes | Yes |
| PDE protected data is accessible at Windows lock screen | Yes | Data is accessible for one minute after lock, then it's no longer available |
| PDE protected data is accessible after user signs out of Windows | No | No |
| PDE protected data is accessible when device is shut down | No | No |
| PDE protected data is accessible via UNC paths | No | No |
| PDE protected data is accessible when signing with Windows password instead of Windows Hello for Business | No | No |
| PDE protected data is accessible via Remote Desktop session | No | No |
| Decryption keys used by PDE discarded | After user signs out of Windows | One minute after Windows lock screen is engaged or after user signs out of Windows |
## PDE encrypted files accessibility
## PDE protected content accessibility
When a file is encrypted with PDE, its icon will show a padlock. If the user hasn't signed in locally with Windows Hello for Business or an unauthorized user attempts to access a PDE encrypted file, they'll be denied access to the file.
When a file is protected with PDE, its icon will show a padlock. If the user hasn't signed in locally with Windows Hello for Business or an unauthorized user attempts to access PDE protected content, they'll be denied access to the content.
Scenarios where a user will be denied access to a PDE encrypted file include:
Scenarios where a user will be denied access to PDE protected content include:
- User has signed into Windows via a password instead of signing in with Windows Hello for Business biometric or PIN.
- If specified via level 2 protection, when the device is locked.
- When trying to access files on the device remotely. For example, UNC network paths.
- If protected via level 2 protection, when the device is locked.
- When trying to access content on the device remotely. For example, UNC network paths.
- Remote Desktop sessions.
- Other users on the device who aren't owners of the file, even if they're signed in via Windows Hello for Business and have permissions to navigate to the PDE encrypted files.
- Other users on the device who aren't owners of the content, even if they're signed in via Windows Hello for Business and have permissions to navigate to the PDE protected content.
## How to enable PDE
@ -85,55 +133,83 @@ To enable PDE on devices, push an MDM policy to the devices with the following p
There's also a [PDE CSP](/windows/client-management/mdm/personaldataencryption-csp) available for MDM solutions that support it.
> [!NOTE]
> Enabling the PDE policy on devices only enables the PDE feature. It does not encrypt any files. To encrypt files, use the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager) to create custom applications and scripts to specify which files to encrypt and at what level to encrypt the files. Additionally, files will not encrypt via the APIs until this policy has been enabled.
> Enabling the PDE policy on devices only enables the PDE feature. It does not protect any content. To protect content via PDE, use the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). The PDE APIs can be used to create custom applications and scripts to specify which content to protect and at what level to protect the content. Additionally, the PDE APIs can't be used to protect content until the PDE policy has been enabled.
For information on enabling PDE via Intune, see [Enable Personal Data Encryption (PDE)](configure-pde-in-intune.md#enable-personal-data-encryption-pde).
## Differences between PDE and BitLocker
PDE is meant to work alongside BitLocker. PDE isn't a replacement for BitLocker, nor is BitLocker a replacement for PDE. Using both features together provides better security than using either BitLocker or PDE alone. However there are differences between BitLocker and PDE and how they work. These differences are why using them together offers better security.
| Item | PDE | BitLocker |
|--|--|--|
| Release of key | At user sign-in via Windows Hello for Business | At boot |
| Keys discarded | At user sign-out | At reboot |
| Files encrypted | Individual specified files | Entire volume/drive |
| Authentication to access encrypted file | Windows Hello for Business | When BitLocker with PIN is enabled, BitLocker PIN plus Windows sign in |
| Accessibility | Windows Hello for Business is accessibility friendly | BitLocker with PIN doesn't have accessibility features |
| Release of decryption key | At user sign-in via Windows Hello for Business | At boot |
| Decryption keys discarded | When user signs out of Windows or one minute after Windows lock screen is engaged | At reboot |
| Files protected | Individual specified files | Entire volume/drive |
| Authentication to access protected content | Windows Hello for Business | When BitLocker with TPM + PIN is enabled, BitLocker PIN plus Windows sign-in |
## Differences between PDE and EFS
The main difference between encrypting files with PDE instead of EFS is the method they use to encrypt the file. PDE uses Windows Hello for Business to secure the keys to decrypt the files. EFS uses certificates to secure and encrypt the files.
The main difference between protecting files with PDE instead of EFS is the method they use to protect the file. PDE uses Windows Hello for Business to secure the keys that protect the files. EFS uses certificates to secure and protect the files.
To see if a file is encrypted with PDE or EFS:
To see if a file is protected with PDE or with EFS:
1. Open the properties of the file
2. Under the **General** tab, select **Advanced...**
3. In the **Advanced Attributes** windows, select **Details**
For PDE encrypted files, under **Protection status:** there will be an item listed as **Personal Data Encryption is:** and it will have the attribute of **On**.
For PDE protected files, under **Protection status:** there will be an item listed as **Personal Data Encryption is:** and it will have the attribute of **On**.
For EFS encrypted files, under **Users who can access this file:**, there will be a **Certificate thumbprint** next to the users with access to the file. There will also be a section at the bottom labeled **Recovery certificates for this file as defined by recovery policy:**.
For EFS protected files, under **Users who can access this file:**, there will be a **Certificate thumbprint** next to the users with access to the file. There will also be a section at the bottom labeled **Recovery certificates for this file as defined by recovery policy:**.
Encryption information including what encryption method is being used can be obtained with the command line `cipher.exe /c` command.
Encryption information including what encryption method is being used to protect the file can be obtained with the [cipher.exe /c](/windows-server/administration/windows-commands/cipher) command.
## Disable PDE and decrypt files
## Disable PDE and decrypt content
Currently there's no method to disable PDE via MDM policy. However, in certain scenarios PDE encrypted files can be decrypted using `cipher.exe` using the following steps:
Once PDE is enabled, it isn't recommended to disable it. However if PDE does need to be disabled, it can be done so via the MDM policy described in the section [How to enable PDE](#how-to-enable-pde). The value of the OMA-URI needs to be changed from **`1`** to **`0`** as follows:
- Name: **Personal Data Encryption**
- OMA-URI: **./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption**
- Data type: **Integer**
- Value: **0**
Disabling PDE doesn't decrypt any PDE protected content. It only prevents the PDE API from being able to protect any additional content. PDE protected files can be manually decrypted using the following steps:
1. Open the properties of the file
2. Under the **General** tab, select **Advanced...**
3. Uncheck the option **Encrypt contents to secure data**
4. Select **OK**, and then **OK** again
> [!Important]
> Once a user selects to manually decrypt a file, they will not be able to manually encrypt the file again.
PDE protected files can also be decrypted using [cipher.exe](/windows-server/administration/windows-commands/cipher). Using `cipher.exe` can be helpful to decrypt files in the following scenarios:
- Decrypting a large number of files on a device
- Decrypting files on a large number of devices.
To decrypt files on a device using `cipher.exe`:
- Decrypt all files under a directory including subdirectories:
```cmd
cipher.exe /d /s:<path_to_directory>
```
- Decrypt a single file or all of the files in the specified directory, but not any subdirectories:
```cmd
cipher.exe /d <path_to_file_or_directory>
```
> [!IMPORTANT]
> Once a user selects to manually decrypt a file, the user will not be able to manually protect the file again using PDE.
## Windows out of box applications that support PDE
Certain Windows applications support PDE out of the box. If PDE is enabled on a device, these applications will utilize PDE.
- Mail
- Supports encrypting both email bodies and attachments
- Supports protecting both email bodies and attachments
## See also
- [Personal Data Encryption (PDE) FAQ](faq-pde.yml)
- [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md)

11
windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml
View File

@ -1,17 +1,14 @@
### YamlMime:FAQ
metadata:
title: Advanced security auditing FAQ (Windows 10)
title: Advanced security auditing FAQ
description: This article lists common questions and answers about understanding, deploying, and managing security audit policies.
ms.prod: windows-client
ms.technology: mde
ms.localizationpriority: none
author: dansimp
ms.author: dansimp
author: vinaypamnani-msft
ms.author: vinpa
manager: aaroncz
ms.reviewer:
ms.collection: M365-security-compliance
ms.topic: faq
ms.date: 05/24/2022
ms.technology: itpro-security
title: Advanced security auditing FAQ

1
windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md
View File

@ -12,6 +12,7 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.technology: itpro-security
ms.topic: reference
---
# Appendix A: Security monitoring recommendations for many audit events

1
windows/security/threat-protection/auditing/audit-account-lockout.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Account Lockout

1
windows/security/threat-protection/auditing/audit-application-generated.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Application Generated

1
windows/security/threat-protection/auditing/audit-application-group-management.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Application Group Management

1
windows/security/threat-protection/auditing/audit-audit-policy-change.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Audit Policy Change

1
windows/security/threat-protection/auditing/audit-authentication-policy-change.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Authentication Policy Change

1
windows/security/threat-protection/auditing/audit-authorization-policy-change.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Authorization Policy Change

1
windows/security/threat-protection/auditing/audit-central-access-policy-staging.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Central Access Policy Staging

1
windows/security/threat-protection/auditing/audit-certification-services.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Certification Services

1
windows/security/threat-protection/auditing/audit-computer-account-management.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Computer Account Management

1
windows/security/threat-protection/auditing/audit-credential-validation.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Credential Validation

1
windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Detailed Directory Service Replication

1
windows/security/threat-protection/auditing/audit-detailed-file-share.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Detailed File Share

1
windows/security/threat-protection/auditing/audit-directory-service-access.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Directory Service Access

1
windows/security/threat-protection/auditing/audit-directory-service-changes.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Directory Service Changes

1
windows/security/threat-protection/auditing/audit-directory-service-replication.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Directory Service Replication

1
windows/security/threat-protection/auditing/audit-distribution-group-management.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Distribution Group Management

1
windows/security/threat-protection/auditing/audit-dpapi-activity.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit DPAPI Activity

1
windows/security/threat-protection/auditing/audit-file-share.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit File Share

1
windows/security/threat-protection/auditing/audit-file-system.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit File System

1
windows/security/threat-protection/auditing/audit-filtering-platform-connection.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Filtering Platform Connection

1
windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Filtering Platform Packet Drop

1
windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Filtering Platform Policy Change

1
windows/security/threat-protection/auditing/audit-group-membership.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Group Membership

1
windows/security/threat-protection/auditing/audit-handle-manipulation.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Handle Manipulation

1
windows/security/threat-protection/auditing/audit-ipsec-driver.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit IPsec Driver

1
windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit IPsec Extended Mode

1
windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit IPsec Main Mode

1
windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit IPsec Quick Mode

1
windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Kerberos Authentication Service

1
windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Kerberos Service Ticket Operations

1
windows/security/threat-protection/auditing/audit-kernel-object.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Kernel Object

1
windows/security/threat-protection/auditing/audit-logoff.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Logoff

1
windows/security/threat-protection/auditing/audit-logon.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Logon

1
windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit MPSSVC Rule-Level Policy Change

1
windows/security/threat-protection/auditing/audit-network-policy-server.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Network Policy Server

1
windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Non-Sensitive Privilege Use

1
windows/security/threat-protection/auditing/audit-other-account-logon-events.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Other Account Logon Events

1
windows/security/threat-protection/auditing/audit-other-account-management-events.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Other Account Management Events

1
windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Other Logon/Logoff Events

1
windows/security/threat-protection/auditing/audit-other-object-access-events.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Other Object Access Events

1
windows/security/threat-protection/auditing/audit-other-policy-change-events.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Other Policy Change Events

1
windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Other Privilege Use Events

1
windows/security/threat-protection/auditing/audit-other-system-events.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Other System Events

1
windows/security/threat-protection/auditing/audit-pnp-activity.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit PNP Activity

1
windows/security/threat-protection/auditing/audit-process-creation.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 03/16/2022
ms.technology: itpro-security
ms.topic: reference
---
# Audit Process Creation

1
windows/security/threat-protection/auditing/audit-process-termination.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Process Termination

1
windows/security/threat-protection/auditing/audit-registry.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 01/05/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Registry

1
windows/security/threat-protection/auditing/audit-removable-storage.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
ms.technology: itpro-security
ms.topic: reference
---
# Audit Removable Storage

Some files were not shown because too many files have changed in this diff Show More