Merge branch 'main' into sheshachary-5714481

windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml

@@ -16,10 +16,9 @@ metadata:
   ms.collection:
     - M365-security-compliance
     - highpri
-  ms.topic: conceptual
+  ms.topic: faq
   ms.date: 02/28/2019
   ms.custom: bitlocker
-    
 title: BitLocker and Active Directory Domain Services (AD DS) FAQ
 summary: |
   **Applies to**
@@ -82,4 +81,4 @@ sections:
           
           When an administrator clears these check boxes, the administrator is allowing a drive to be BitLocker-protected without having the recovery information successfully backed up to AD DS; however, BitLocker will not automatically retry the backup if it fails. Instead, administrators can create a backup script, as described earlier in [What if BitLocker is enabled on a computer before the computer has joined the domain?](#what-if-bitlocker-is-enabled-on-a-computer-before-the-computer-has-joined-the-domain-) to capture the information after connectivity is restored.
           
-          
+          

windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml

@@ -14,10 +14,9 @@ metadata:
   manager: dansimp
   audience: ITPro
   ms.collection: M365-security-compliance
-  ms.topic: conceptual
+  ms.topic: faq
   ms.date: 02/28/2019
   ms.custom: bitlocker
-    
 title: BitLocker frequently asked questions (FAQ)
 summary: |
   **Applies to**
@@ -93,4 +92,4 @@ sections:
         answer: Some drives cannot be encrypted with BitLocker. Reasons a drive cannot be encrypted include insufficient disk size, an incompatible file system, if the drive is a dynamic disk, or a drive is designated as the system partition. By default, the system drive (or system partition) is hidden from display. However, if it is not created as a hidden drive when the operating system was installed due to a custom installation process, that drive might be displayed but cannot be encrypted.
 
       - question: What type of disk configurations are supported by BitLocker?
-        answer: Any number of internal, fixed data drives can be protected with BitLocker. On some versions ATA and SATA-based, direct-attached storage devices are also supported.
+        answer: Any number of internal, fixed data drives can be protected with BitLocker. On some versions ATA and SATA-based, direct-attached storage devices are also supported.

windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md

@@ -14,7 +14,7 @@ ms.collection:
   - M365-security-compliance
   - highpri
 ms.topic: conceptual
-ms.date: 02/28/2019
+ms.date: 03/10/2022
 ms.custom: bitlocker
 ---
 
@@ -64,6 +64,7 @@ Microsoft includes instrumentation in Windows 11 and Windows 10 that enable the
 ## Deploy hard drive encryption
 
 BitLocker is capable of encrypting entire hard drives, including both system and data drives. BitLocker pre-provisioning can drastically reduce the time required to provision new PCs with BitLocker enabled. With Windows 11 and Windows 10, administrators can turn on BitLocker and the TPM from within the Windows Preinstallation Environment before they install Windows or as part of an automated deployment task sequence without any user interaction. Combined with Used Disk Space Only encryption and a mostly empty drive (because Windows is not yet installed), it takes only a few seconds to enable BitLocker.
+
 With earlier versions of Windows, administrators had to enable BitLocker after Windows had been installed. Although this process could be automated, BitLocker would need to encrypt the entire drive, a process that could take anywhere from several hours to more than a day depending on drive size and performance, which significantly delayed deployment. Microsoft has improved this process through multiple features in Windows 11 and Windows 10.
 
 ## BitLocker Device Encryption 
@@ -130,11 +131,11 @@ For more information about how to configure Network Unlock, see [BitLocker: How
 
 ## Microsoft BitLocker Administration and Monitoring
 
-Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage and support BitLocker and BitLocker To Go. MBAM 2.5 with Service Pack 1, the latest version, has the following key features:
+Part of the Microsoft Desktop Optimization Pack, Microsoft BitLocker Administration and Monitoring (MBAM) makes it easier to manage and support BitLocker and BitLocker To Go. MBAM 2.5 with Service Pack 1, the latest version, has the following key features:
 
 * Enables administrators to automate the process of encrypting volumes on client computers across the enterprise.
 * Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself.
-* Provides centralized reporting and hardware management with Microsoft Microsoft Endpoint Configuration Manager.
+* Provides centralized reporting and hardware management with Microsoft Endpoint Configuration Manager.
 * Reduces the workload on the help desk to assist end users with BitLocker recovery requests.
 * Enables end users to recover encrypted devices independently by using the Self-Service Portal.
 * Enables security officers to easily audit access to recovery key information.
@@ -144,4 +145,9 @@ Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage
 * Offers an IT-customizable recovery user experience.
 * Supports Windows 10.
 
-For more information about MBAM, including how to obtain it, see [Microsoft BitLocker Administration and Monitoring](/microsoft-desktop-optimization-pack/) on the MDOP TechCenter.
+> [!IMPORTANT]
+> Enterprises could use MBAM to manage client computers with BitLocker that are domain-joined on-premises until mainstream support ended in July 2019, or they could receive extended support until April 2026.
+
+Going forward, the functionality of MBAM will be incorporated into Configuration Manager. For more details, see [Features in Configuration Manager technical preview version 1909](/mem/configmgr/core/get-started/2019/technical-preview-1909#bkmk_bitlocker).
+
+Enterprises not using Configuration Manager can use the built-in features of Azure AD and Microsoft Intune in Microsoft Endpoint Manager for administration and monitoring. For more details, see [Monitor device encryption with Intune](/mem/intune/protect/encryption-monitor).

windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml

@@ -16,10 +16,9 @@ metadata:
   ms.collection:
     - M365-security-compliance
     - highpri
-  ms.topic: conceptual
+  ms.topic: faq
   ms.date: 02/28/2019
   ms.custom: bitlocker
-    
 title: BitLocker frequently asked questions (FAQ) resources
 summary: |
   **Applies to**
@@ -52,4 +51,4 @@ sections:
           -   [BitLocker: How to deploy on Windows Server 2012](bitlocker-how-to-deploy-on-windows-server.md)
           -   [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md)
           -   [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md)
-          -   [BitLocker Cmdlets in Windows PowerShell](/powershell/module/bitlocker/index?view=win10-ps&preserve-view=true)
+          -   [BitLocker Cmdlets in Windows PowerShell](/powershell/module/bitlocker/index?view=win10-ps&preserve-view=true)

windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml

@@ -14,10 +14,9 @@ metadata:
   manager: dansimp
   audience: ITPro
   ms.collection: M365-security-compliance
-  ms.topic: conceptual
+  ms.topic: faq
   ms.date: 02/28/2019
   ms.custom: bitlocker
-    
 title: BitLocker Key Management FAQ
 summary: |
   **Applies to**

windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml

@@ -12,11 +12,10 @@ metadata:
   manager: dansimp
   audience: ITPro
   ms.collection: M365-security-compliance
-  ms.topic: conceptual
+  ms.topic: faq
   ms.date: 02/28/2019
   ms.reviewer: 
   ms.custom: bitlocker
-    
 title: BitLocker Network Unlock FAQ
 summary: |
   **Applies to**

windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml

@@ -16,10 +16,9 @@ metadata:
   ms.collection:
     - M365-security-compliance
     - highpri
-  ms.topic: conceptual
+  ms.topic: faq
   ms.date: 07/27/2021
   ms.custom: bitlocker
-    
 title: BitLocker Overview and Requirements FAQ
 summary: |
   **Applies to**

windows/security/information-protection/bitlocker/bitlocker-security-faq.yml

@@ -14,10 +14,9 @@ metadata:
   manager: dansimp
   audience: ITPro
   ms.collection: M365-security-compliance
-  ms.topic: conceptual
-  ms.date: 02/28/2019
+  ms.topic: faq
+  ms.date: 03/14/2022
   ms.custom: bitlocker
-    
 title: BitLocker Security FAQ
 summary: |
   **Applies to**
@@ -41,7 +40,7 @@ sections:
       - question: |
           What are the implications of using the sleep or hibernate power management options?
         answer: |
-          BitLocker on operating system drives in its basic configuration (with a TPM but without other startup authentication) provides extra security for the hibernate mode. However, BitLocker provides greater security when it is configured to use an another startup authentication factor (TPM+PIN, TPM+USB, or TPM+PIN+USB) with the hibernate mode. This method is more secure because returning from hibernation requires authentication. For improved security, we recommend disabling sleep mode and that you use TPM+PIN for the authentication method. Startup authentication can be configured by using [Group Policy](./bitlocker-group-policy-settings.md) or Mobile Device Management with the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp). 
+          BitLocker on operating system drives in its basic configuration (with a TPM but without other startup authentication) provides extra security for the hibernate mode. However, BitLocker provides greater security when it is configured to use another startup authentication factor (TPM+PIN, TPM+USB, or TPM+PIN+USB) with the hibernate mode. This method is more secure because returning from hibernation requires authentication. In sleep mode, the computer is vulnerable to direct memory access attacks, since it remains unprotected data in RAM. Therefore, for improved security, we recommend disabling sleep mode and that you use TPM+PIN for the authentication method. Startup authentication can be configured by using [Group Policy](./bitlocker-group-policy-settings.md) or Mobile Device Management with the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp). 
           
       - question: |
           What are the advantages of a TPM?
@@ -50,4 +49,4 @@ sections:
           
           > [!NOTE]
           > Configuring BitLocker with an additional factor of authentication provides even more protection against TPM hardware attacks.
-          
+          

windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml

@@ -14,10 +14,9 @@ metadata:
   manager: dansimp
   audience: ITPro
   ms.collection: M365-security-compliance
-  ms.topic: conceptual
+  ms.topic: faq
   ms.date: 07/10/2018
   ms.custom: bitlocker
-    
 title: BitLocker To Go FAQ
 summary: |
   **Applies to**

windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml

@@ -12,11 +12,10 @@ metadata:
   manager: dansimp
   audience: ITPro
   ms.collection: M365-security-compliance
-  ms.topic: conceptual
+  ms.topic: faq
   ms.date: 02/28/2019
   ms.reviewer: 
   ms.custom: bitlocker
-    
 title: BitLocker Upgrading FAQ
 summary: |
   **Applies to**
@@ -52,4 +51,4 @@ sections:
           
           
           > [!NOTE]
-          > If you have suspended BitLocker, you can resume BitLocker protection after you have installed the upgrade or update. Upon resuming protection, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade or update. If these types of upgrades or updates are applied without suspending BitLocker, your computer will enter recovery mode when restarting and will require a recovery key or password to access the computer.
+          > If you have suspended BitLocker, you can resume BitLocker protection after you have installed the upgrade or update. Upon resuming protection, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade or update. If these types of upgrades or updates are applied without suspending BitLocker, your computer will enter recovery mode when restarting and will require a recovery key or password to access the computer.

windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml

@@ -14,10 +14,9 @@ metadata:
   manager: dansimp
   audience: ITPro
   ms.collection: M365-security-compliance
-  ms.topic: conceptual
+  ms.topic: faq
   ms.date: 02/28/2019
   ms.custom: bitlocker
-    
 title: Using BitLocker with other programs FAQ
 summary: |
   **Applies to**