mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-18 11:53:37 +00:00
Update PDE Docs 17
This commit is contained in:
Frank Rojas
@ -73,29 +73,6 @@ ms.date: 09/22/2022
|
||||
|
||||
## Recommended prerequisites
|
||||
|
||||
#### Disable hibernation
|
||||
|
||||
1. Sign into the Intune
|
||||
2. Navigate to **Devices** > **Configuration Profiles**
|
||||
3. Select **Create profile**
|
||||
4. Under **Platform**, select **Windows 10 and later**
|
||||
5. Under **Profile type**, select **Settings catalog**, and then select **Create**
|
||||
6. On the ****Basics** tab:
|
||||
1. Next to **Name**, enter **Disable Hibernation**
|
||||
2. Next to **Description**, enter a description
|
||||
7. Select **Next**
|
||||
8. On the **Configuration settings** tab, select **Add settings**
|
||||
9. In the **Settings picker** windows, select **Power**
|
||||
10. When the settings appear in the lower pane, under **Setting name**, select **Allow Hibernate**, and then select the **X** in the top right corner of the **Settings picker** window to close the window
|
||||
11. Change **Allow Hibernate** to **Block**, and then select **Next**
|
||||
12. On the **Scope tags** tab, configure if necessary and then select **Next**
|
||||
13. On the **Assignments** tab:
|
||||
1. Under **Included groups**, select **Add groups**
|
||||
2. Select the groups that the hibernation policy should be deployed to
|
||||
3. Select **Select**
|
||||
4. Select **Next**
|
||||
14. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create**
|
||||
|
||||
#### Disable crash dumps
|
||||
|
||||
1. Sign into the Intune
|
||||
@ -119,6 +96,29 @@ ms.date: 09/22/2022
|
||||
4. Select **Next**
|
||||
14. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create**
|
||||
|
||||
#### Disable hibernation
|
||||
|
||||
1. Sign into the Intune
|
||||
2. Navigate to **Devices** > **Configuration Profiles**
|
||||
3. Select **Create profile**
|
||||
4. Under **Platform**, select **Windows 10 and later**
|
||||
5. Under **Profile type**, select **Settings catalog**, and then select **Create**
|
||||
6. On the ****Basics** tab:
|
||||
1. Next to **Name**, enter **Disable Hibernation**
|
||||
2. Next to **Description**, enter a description
|
||||
7. Select **Next**
|
||||
8. On the **Configuration settings** tab, select **Add settings**
|
||||
9. In the **Settings picker** windows, select **Power**
|
||||
10. When the settings appear in the lower pane, under **Setting name**, select **Allow Hibernate**, and then select the **X** in the top right corner of the **Settings picker** window to close the window
|
||||
11. Change **Allow Hibernate** to **Block**, and then select **Next**
|
||||
12. On the **Scope tags** tab, configure if necessary and then select **Next**
|
||||
13. On the **Assignments** tab:
|
||||
1. Under **Included groups**, select **Add groups**
|
||||
2. Select the groups that the hibernation policy should be deployed to
|
||||
3. Select **Select**
|
||||
4. Select **Next**
|
||||
14. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create**
|
||||
|
||||
## See also
|
||||
- [Personal Data Encryption (PDE)](overview-pde.md)
|
||||
- [Personal Data Encryption (PDE) FAQ](faq-pde.md)
|
||||
- [Personal Data Encryption (PDE) FAQ](faq-pde.yml)
|
||||
@ -1,7 +1,17 @@
|
||||
### YamlMime:FAQ
|
||||
|
||||
metadata:
|
||||
title: Frequently asked questions for Personal Data Encryption (PDE)
|
||||
description: Answers to common questions regarding Personal Data Encryption (PDE).
|
||||
author: frankroj
|
||||
ms.author: frankroj
|
||||
ms.reviewer: rafals
|
||||
manager: aaroncz
|
||||
ms.topic: faq
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-security
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 09/22/2022
|
||||
|
||||
title: Frequently asked questions for Personal Data Encryption (PDE)
|
||||
summary: |
|
||||
|
||||
@ -45,9 +45,9 @@ ms.date: 09/22/2022
|
||||
- Destructive PIN resets will cause PDE encryption keys to be lost. The destructive PIN reset will make any file encrypted with PDE no longer accessible after a destructive PIN reset. Files encrypted with PDE will need to be recovered from a backup after a destructive PIN reset. For this reason Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets.
|
||||
- [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)
|
||||
- Provides additional security when authenticating with Windows Hello for Business via biometrics or PIN
|
||||
- [Kernel and user mode crash dumps disabled](../../../client-management/mdm/policy-csp-memorydump.md)
|
||||
- [Kernel and user mode crash dumps disabled](/windows/client-management/mdm/policy-csp-memorydump)
|
||||
- Crash dumps can potentially cause the PDE encryption keys to be exposed. For greatest security, disable kernel and user mode crash dumps. For information on disabling crash dumbs via Intune, please see [Disable crash dumps](configure-pde-in-intune.md#disable-crash-dumps).
|
||||
- [Hibernation disabled](../../../client-management/mdm/policy-csp-power#power-allowhibernate)
|
||||
- [Hibernation disabled](/windows/client-management/mdm/policy-csp-power#power-allowhibernate)
|
||||
- Hibernation files can potentially cause the PDE encryption keys to be exposed. For greatest security, disable hibernation. For information on disabling crash dumbs via Intune, please see [Disable hibernation](configure-pde-in-intune.md#disable-hibernation).
|
||||
|
||||
## PDE protection levels
|
||||
@ -83,7 +83,7 @@ To enable PDE on devices, push an MDM policy to the devices with the following p
|
||||
- Data type: **Integer**
|
||||
- Value: **1**
|
||||
|
||||
There's also a [PDE CSP](../../../client-management/mdm/personaldataencryption-csp.md) available for MDM solutions that support it.
|
||||
There's also a [PDE CSP](/windows/client-management/mdm/personaldataencryption-csp) available for MDM solutions that support it.
|
||||
|
||||
> [!NOTE]
|
||||
> Enabling the PDE policy on devices only enables the PDE feature. It does not encrypt any files. To encrypt files, use the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager) to create custom applications and scripts to specify which files to encrypt and at what level to encrypt the files. Additionally, files will not encrypt via the APIs until this policy has been enabled.
|
||||
@ -138,5 +138,5 @@ Certain Windows applications support PDE out of the box. If PDE is enabled on a
|
||||
- Supports encrypting both email bodies and attachments
|
||||
|
||||
## See also
|
||||
- [Personal Data Encryption (PDE) FAQ](faq-pde.md)
|
||||
- [Personal Data Encryption (PDE) FAQ](faq-pde.yml)
|
||||
- [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md)
|
||||
Reference in New Issue
Block a user