From d5f55fe3d472a8181b4ad364fc84e1169ee5aa38 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 3 Oct 2023 09:47:33 -0400
Subject: [PATCH] tabbed xp

---
 .../data-protection/bitlocker/images/cmd.png | Bin 626 -> 213 bytes
 .../bitlocker/images/powershell.png | Bin 1166 -> 670 bytes
 .../data-protection/bitlocker/manage.md | 50 ++++++++++--------
 3 files changed, 29 insertions(+), 21 deletions(-)
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/images/cmd.png b/windows/security/operating-system-security/data-protection/bitlocker/images/cmd.png index 55fd5b43ff09f8c5755346bdb48d00f8c4efe638..c410cfa5d4e364e91fed070c64ed2f5be7520405 100644 GIT binary patch : -KeyProtectorID "{GUID}" > 
[!NOTE] > The BitLocker cmdlet requires the key protector GUID enclosed in quotation marks to execute. Ensure the entire GUID, with braces, is included in the command. -#### [:::image type="icon" source="images/cmd.png"::: **Intune**](#tab/cmd) +#### [:::image type="icon" source="images/cmd.png"::: **cmd**](#tab/cmd) ```cmd C:\>manage-bde -status @@ -79,13 +79,10 @@ Volume C: [Local Disk] Numerical Password ``` - -#### [:::image type="icon" source="images/locked-drive.svg"::: **Intune**](#tab/controlpanel) +#### [:::image type="icon" source="images/locked-drive.svg"::: **Settings**](#tab/controlpanel) --- - - ## Manage-bde Manage-bde is a command-line tool that can be used for scripting BitLocker operations. Manage-bde offers additional options not displayed in the BitLocker control panel. For a complete list of the `manage-bde.exe` options, see the [Manage-bde](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ff829849(v=ws.11)) command-line reference. 
@@ -132,7 +129,25 @@ The above command encrypts the drive using the TPM as the default protector. If manage-bde.exe -protectors -get ``` -### Using manage-bde with data volumes +## Manage data volumes + +Follow the instructions below to configure your devices, selecting the option that best suits your needs. + +#### [:::image type="icon" source="images/powershell.png"::: **PowerShell**](#tab/powershell) + +Data volume encryption using Windows PowerShell is the same as for operating system volumes. Add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a +SecureString value to store the user-defined password. + +```powershell +$pw = Read-Host -AsSecureString + +Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw +``` + +> [!NOTE] +> The BitLocker cmdlet requires the key protector GUID enclosed in quotation marks to execute. Ensure the entire GUID, with braces, is included in the command. + +#### [:::image type="icon" source="images/cmd.png"::: **cmd**](#tab/cmd) Data volumes use the same syntax for encryption as operating system volumes but they don't require protectors for the operation to complete. Encrypting data volumes can be done using the base command: @@ -147,6 +162,10 @@ manage-bde.exe -protectors -add -pw C: manage-bde.exe -on C: ``` +#### [:::image type="icon" source="images/locked-drive.svg"::: **Settings**](#tab/controlpanel) + +--- + ## BitLocker Repair Tool Hard disk areas on which BitLocker stores critical information could be damaged, for example, when a hard disk fails or if Windows exits unexpectedly. 
@@ -214,17 +233,6 @@ In the example below, adds one additional protector, the StartupKey protector an Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath -SkipHardwareTest ``` -### Using the BitLocker Windows PowerShell cmdlets with data volumes - -Data volume encryption using Windows PowerShell is the same as for operating system volumes. Add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a -SecureString value to store the user-defined password. - -```powershell -$pw = Read-Host -AsSecureString - -Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw -``` - ### Using an SID-based protector in Windows PowerShell The **ADAccountOrGroup** protector is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it doesn't unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding an SID-based protector for the Cluster Name Object (CNO) that lets the disk properly failover and unlock to any member computer of the cluster.
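Review bot: the **Settings** tab at the end of the `@@ -79,13 +79,10 @@` hunk has no body. The `#### [...**Settings**](#tab/controlpanel)` heading is followed directly by the `---` terminator, so the tab will render empty next to the PowerShell and cmd tabs. Either add the Settings equivalent of the `manage-bde -status` check or leave the tab out until that content exists. The label now reads Settings while the tab id is still `controlpanel`; consider aligning the two. The same empty tab is added again in the `@@ -147,6 +162,10 @@` hunk.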
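Review bot: the `[!NOTE]` added under the PowerShell tab in the `@@ -132,7 +129,25 @@` hunk does not match the example above it. The note is about passing the key protector GUID in quotation marks, but `Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw` takes no GUID; it reads as a copy of the identical note in the earlier tab group. Remove it here or replace it with a note that applies to password protectors. While the block is being moved, please also confirm the cmdlet name (the BitLocker module's cmdlet for adding a protector is `Add-BitLockerKeyProtector`) and join the paragraph that is split across two `+` lines at "held as a" / "SecureString value".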
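Review bot: in the `@@ -147,6 +162,10 @@` hunk the cmd tab for data volumes ends with examples that target `C:` (`manage-bde.exe -protectors -add -pw C:` and `manage-bde.exe -on C:`), while the PowerShell tab added for the same section uses `E:`. Now that the two are presented side by side as alternatives under "Manage data volumes", use the same data-volume drive letter in both so the tabs read as equivalent procedures.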
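Review bot: the `@@ -214,17 +233,6 @@` hunk deletes the heading `### Using the BitLocker Windows PowerShell cmdlets with data volumes`, and the `@@ -132,7 +129,25 @@` hunk replaces `### Using manage-bde with data volumes` with `## Manage data volumes`, so both heading anchors go away. Check this page and any articles that link to those anchors and point them at the new section. The new `##` heading also lands in the middle of the `## Manage-bde` section, which leaves the cmd content that follows it outside the section it documents; consider whether the data-volume section should sit after the tool-specific sections instead.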