deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 02:43:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

move content to include files

Browse Source
This commit is contained in:
Paolo Matarazzo
2024-10-14 07:33:12 -04:00
parent 54ff61a45f
commit ce153c3aa8
19 changed files with 109 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
windows/security/book/operating-system-security-encryption-and-data-protection.md
View File

@ -15,7 +15,7 @@ When people travel with their PCs, their confidential information travels with t
BitLocker is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned devices. BitLocker uses the AES algorithm in XTS or CBC mode of operation with 128-bit or 256-bit key length to encrypt data on the volume. BitLocker can save its recovery password to a Microsoft account for retrieval if needed. This happens automatically during the initial setup when BitLocker is enabled in OOE (Out of Box Experience) on modern devices and the user signs into their Microsoft account for the first time. Additionally, users have the option to export the recovery password if they have manually enabled BitLocker. Cloud storage on Microsoft OneDrive or Azure<sup>[\[9\]](conclusion.md#footnote9)</sup> can be used to save recovery key content. BitLocker can be managed by a device management solution like Microsoft Intune<sup>[\[6\]](conclusion.md#footnote6)</sup> using a configuration service provider (CSP)<sup>[\[9\]](conclusion.md#footnote9)</sup>. BitLocker provides encryption for the OS, fixed data, and removable data drives (BitLocker To Go), using technologies like Hardware Security Test Interface (HSTI), Modern Standby, UEFI Secure Boot, and TPM.
:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
[!INCLUDE [learn-more](includes/learn-more.md)]
- [BitLocker overview](../operating-system-security/data-protection/bitlocker/index.md)
@ -23,7 +23,7 @@ BitLocker is a data protection feature that integrates with the operating system
BitLocker To Go refers to BitLocker on removable data drives. BitLocker To Go includes the encryption of USB flash drives, SD cards, and external hard disk drives. Drives can be unlocked using a password, certificate on a smart card, or recovery password.
:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
[!INCLUDE [learn-more](includes/learn-more.md)]
- [BitLocker FAQ](../operating-system-security/data-protection/bitlocker/faq.yml)
@ -35,7 +35,7 @@ Organizations have the option to disable device encryption in favor of a full Bi
🆕 Starting with Windows 11, version 24H2, the prerequisites of DMA and HSTI/Modern Standby is removed. This change makes more devices eligible for both automatic and manual device encryption.
:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
[!INCLUDE [learn-more](includes/learn-more.md)]
- [Device encryption](../operating-system-security/data-protection/bitlocker/index.md#device-encryption)
@ -52,7 +52,7 @@ Encrypted hard drives enable:
- Ease of use: encryption is transparent to the user, and the user doesn't need to enable it. Encrypted hard drives are easily erased using an onboard encryption key. There's no need to re-encrypt data on the drive
- Lower cost of ownership: there's no need for new infrastructure to manage encryption keys since BitLocker uses your existing infrastructure to store recovery information. Your device operates more efficiently because processor cycles don't need to be used for the encryption process
:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
[!INCLUDE [learn-more](includes/learn-more.md)]
- [Encrypted hard drive](../operating-system-security/data-protection/encrypted-hard-drive.md)
@ -64,7 +64,7 @@ The initial release of PDE in Windows 11, version 22H2, introduced a set of publ
🆕 Starting in Windows 11, version 24H2, PDE is further enhanced with *PDE for known folders*, which extends protection to the Windows folders: Documents, Pictures, and Desktop.
:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
[!INCLUDE [learn-more](includes/learn-more.md)]
- [Personal Data Encryption (PDE)](../operating-system-security/data-protection/personal-data-encryption/index.md)
@ -76,7 +76,7 @@ The new Outlook app included in Windows 11 supports various types of email encry
When using Secure/Multipurpose Internet Mail Extensions (S/MIME), users can send encrypted messages to people within their organization and to external contacts who have the proper encryption certificates. Recipients can only read encrypted messages if they have the corresponding decryption keys. If an encrypted message is sent to recipients whose encryption certificates aren't available, Outlook asks you to remove these recipients before sending the email.
:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
[!INCLUDE [learn-more](includes/learn-more.md)]
- [S/MIME for message signing and encryption in Exchange Online](/exchange/security-and-compliance/smime-exo/smime-exo)
- [Get started with the new Outlook for Windows](https://support.microsoft.com/topic/656bb8d9-5a60-49b2-a98b-ba7822bc7627)