deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

PDE CSP

Browse Source
This commit is contained in:
Vinay Pamnani 2023-02-17 17:01:32 -05:00
parent 4a8ce87f16
commit e49b885226
3 changed files with 184 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

189
windows/client-management/mdm/personaldataencryption-csp.md
View File

@ -1,46 +1,173 @@
---
title: PersonalDataEncryption CSP
description: Learn how the PersonalDataEncryption configuration service provider (CSP) is used by the enterprise to protect data confidentiality of PCs and devices.
ms.author: v-nsatapathy
ms.topic: article
title: PDE CSP
description: Learn more about the PDE CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 02/17/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
author: nimishasatapathy
ms.localizationpriority: medium
ms.date: 09/12/2022
ms.reviewer:
manager: dansimp
ms.topic: reference
---
# PersonalDataEncryption CSP
<!-- Auto-Generated CSP Document -->
The PersonalDataEncryption configuration service provider (CSP) is used by the enterprise to protect data confidentiality of PCs and devices. This CSP was added in Windows 11, version 22H2.
<!-- PDE-Begin -->
# PDE CSP
The following shows the PersonalDataEncryption configuration service provider in tree format:
<!-- PDE-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
The Personal Data Encryption (PDE) configuration service provider (CSP) is used by the enterprise to protect data confidentiality of PCs and devices. This CSP was added in Windows 11, version 22H2.
<!-- PDE-Editable-End -->
```
<!-- PDE-Tree-Begin -->
The following example shows the PDE configuration service provider in tree format.
```text
./User/Vendor/MSFT/PDE
-- EnablePersonalDataEncryption
-- Status
-------- PersonalDataEncryptionStatus
--- EnablePersonalDataEncryption
--- Status
------ PersonalDataEncryptionStatus
```
<!-- PDE-Tree-End -->
**EnablePersonalDataEncryption**:
- 0 is default (disabled)
- 1 (enabled) will make Personal Data Encryption (PDE) public API available to applications for the user: [UserDataProtectionManager Class](/uwp/api/windows.security.dataprotection.userdataprotectionmanager).
<!-- User-EnablePersonalDataEncryption-Begin -->
## EnablePersonalDataEncryption
The public API allows the applications running as the user to encrypt data as soon as this policy is enabled. However, prerequisites must be met for PDE to be enabled.
<!-- User-EnablePersonalDataEncryption-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :x: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
<!-- User-EnablePersonalDataEncryption-Applicability-End -->
**Status/PersonalDataEncryptionStatus**: Reports the current status of Personal Data Encryption (PDE) for the user. If prerequisites of PDE aren't met, then the status will be 0. If all prerequisites are met for PDE, then PDE will be enabled and status will be 1.
<!-- User-EnablePersonalDataEncryption-OmaUri-Begin -->
```User
./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption
```
<!-- User-EnablePersonalDataEncryption-OmaUri-End -->
> [!Note]
> The policy is only applicable on Enterprise and Education SKUs.
<!-- User-EnablePersonalDataEncryption-Description-Begin -->
<!-- Description-Source-DDF -->
Allows the Admin to enable Personal Data Encryption. Set to '1' to set this policy.
<!-- User-EnablePersonalDataEncryption-Description-End -->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
|Business|No|No|
|Enterprise|No|Yes|
|Education|No|Yes|
<!-- User-EnablePersonalDataEncryption-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
The [UserDataProtectionManager Class](/uwp/api/windows.security.dataprotection.userdataprotectionmanager) public API allows the applications running as the user to encrypt data as soon as this policy is enabled. However, prerequisites must be met for PDE to be enabled.
<!-- User-EnablePersonalDataEncryption-Editable-End -->
<!-- User-EnablePersonalDataEncryption-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
<!-- User-EnablePersonalDataEncryption-DFProperties-End -->
<!-- User-EnablePersonalDataEncryption-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| 0 | Disable Personal Data Encryption. |
| 1 | Enable Personal Data Encryption. |
<!-- User-EnablePersonalDataEncryption-AllowedValues-End -->
<!-- User-EnablePersonalDataEncryption-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- User-EnablePersonalDataEncryption-Examples-End -->
<!-- User-EnablePersonalDataEncryption-End -->
<!-- User-Status-Begin -->
## Status
<!-- User-Status-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :x: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
<!-- User-Status-Applicability-End -->
<!-- User-Status-OmaUri-Begin -->
```User
./User/Vendor/MSFT/PDE/Status
```
<!-- User-Status-OmaUri-End -->
<!-- User-Status-Description-Begin -->
<!-- Description-Source-Not-Found -->
<!-- User-Status-Description-End -->
<!-- User-Status-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
Reports the current status of Personal Data Encryption (PDE) for the user.
- If prerequisites of PDE aren't met, then the status will be 0.
- If all prerequisites are met for PDE, then PDE will be enabled and status will be 1.
<!-- User-Status-Editable-End -->
<!-- User-Status-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | node |
| Access Type | Get |
<!-- User-Status-DFProperties-End -->
<!-- User-Status-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- User-Status-Examples-End -->
<!-- User-Status-End -->
<!-- User-Status-PersonalDataEncryptionStatus-Begin -->
### Status/PersonalDataEncryptionStatus
<!-- User-Status-PersonalDataEncryptionStatus-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :x: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
<!-- User-Status-PersonalDataEncryptionStatus-Applicability-End -->
<!-- User-Status-PersonalDataEncryptionStatus-OmaUri-Begin -->
```User
./User/Vendor/MSFT/PDE/Status/PersonalDataEncryptionStatus
```
<!-- User-Status-PersonalDataEncryptionStatus-OmaUri-End -->
<!-- User-Status-PersonalDataEncryptionStatus-Description-Begin -->
<!-- Description-Source-DDF -->
This node reports the current state of Personal Data Encryption for a user. '0' means disabled. '1' means enabled.
<!-- User-Status-PersonalDataEncryptionStatus-Description-End -->
<!-- User-Status-PersonalDataEncryptionStatus-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- User-Status-PersonalDataEncryptionStatus-Editable-End -->
<!-- User-Status-PersonalDataEncryptionStatus-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | int |
| Access Type | Get |
<!-- User-Status-PersonalDataEncryptionStatus-DFProperties-End -->
<!-- User-Status-PersonalDataEncryptionStatus-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- User-Status-PersonalDataEncryptionStatus-Examples-End -->
<!-- User-Status-PersonalDataEncryptionStatus-End -->
<!-- PDE-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- PDE-CspMoreInfo-End -->
<!-- PDE-End -->
## Related articles
[Configuration service provider reference](configuration-service-provider-reference.md)

42
windows/client-management/mdm/personaldataencryption-ddf-file.md
View File

@ -1,32 +1,29 @@
---
title: PersonalDataEncryption DDF file
description: Learn about the OMA DM device description framework (DDF) for the PersonalDataEncryption configuration service provider.
ms.author: v-nsatapathy
ms.topic: article
title: PDE DDF file
description: View the XML file containing the device description framework (DDF) for the PDE configuration service provider.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 02/17/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
author: nimishasatapathy
ms.localizationpriority: medium
ms.date: 09/10/2022
ms.reviewer:
manager: dansimp
ms.topic: reference
---
# PersonalDataEncryption DDF file
<!-- Auto-Generated CSP Document -->
This topic shows the OMA DM device description framework (DDF) for the **PersonalDataEncryption** configuration service provider.
# PDE DDF file
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
The following XML file contains the device description framework (DDF) for the PDE configuration service provider.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN" "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<VerDTD>1.2</VerDTD>
<MSFT:Diagnostics>
</MSFT:Diagnostics>
<Node>
<NodeName>PDE</NodeName>
<Path>./User/Vendor/MSFT</Path>
@ -46,6 +43,11 @@ The XML below is the current version for this CSP.
<DFType>
<DDFName />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.22621</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0xAB;0xAC;0xB4;0xBC;0xBF;0xCD;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
<NodeName>EnablePersonalDataEncryption</NodeName>
@ -124,4 +126,8 @@ The XML below is the current version for this CSP.
</Node>
</Node>
</MgmtTree>
```
```
## Related articles
[PDE configuration service provider reference](personaldataencryption-csp.md)

4
windows/client-management/mdm/toc.yml
View File

@ -801,10 +801,10 @@ items:
items:
- name: PassportForWork DDF file
href: passportforwork-ddf.md
- name: PersonalDataEncryption
- name: PDE
href: personaldataencryption-csp.md
items:
- name: PersonalDataEncryption DDF file
- name: PDE DDF file
href: personaldataencryption-ddf-file.md
- name: Personalization
href: personalization-csp.md