mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-15 14:57:23 +00:00
Update bitlocker-deployment-comparison.md
Created newly for task 5120578 - Bitlocker Comparison Chart
This commit is contained in:
Lovina Saldanha
parent
86c024a505
commit
fdad2a91e3
@ -1,8 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: BitLocker deployment comparison (Windows 10)
|
title: BitLocker deployment comparison (Windows 10)
|
||||||
description: This article for the IT professional explains how
|
description: This article shows the Bitlocker deployment comparison chart.
|
||||||
BitLocker features can be used to protect your data through drive
|
|
||||||
encryption.
|
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: explore
|
ms.mktglfcycl: explore
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
@ -14,7 +12,7 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
ms.date: 02/28/2019
|
ms.date: 05/20/2021
|
||||||
ms.custom: bitlocker
|
ms.custom: bitlocker
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -24,13 +22,10 @@ ms.custom: bitlocker
|
|||||||
|
|
||||||
- Windows 10
|
- Windows 10
|
||||||
|
|
||||||
This article for the IT professional explains how BitLocker
|
This article for the IT professional depicts the BitLocker deployment comparison chart.
|
||||||
features can be used to protect your data through drive encryption.
|
|
||||||
|
|
||||||
## Bitlocker deployment comparison chart
|
## Bitlocker deployment comparison chart
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
| |Microsoft Intune |Microsoft Endpoint Configuration Manager |Microsoft BitLocker Administration and Monitoring (MBAM)* |
|
| |Microsoft Intune |Microsoft Endpoint Configuration Manager |Microsoft BitLocker Administration and Monitoring (MBAM)* |
|
||||||
|---------|---------|---------|---------|
|
|---------|---------|---------|---------|
|
||||||
|**Requirements**||||
|
|**Requirements**||||
|
||||||
@ -40,52 +35,34 @@ features can be used to protect your data through drive encryption.
|
|||||||
|Supported domain-joined status | Microsoft Azure Active Directory (Azure AD) joined, hybrid Azure AD joined | Active Directory joined, hybrid Azure AD joined | Active Directory joined |
|
|Supported domain-joined status | Microsoft Azure Active Directory (Azure AD) joined, hybrid Azure AD joined | Active Directory joined, hybrid Azure AD joined | Active Directory joined |
|
||||||
|Permissions required to manage policies | Endpoint security manager or custom | Full administrator or custom | Domain Admin or Delegated GPO access |
|
|Permissions required to manage policies | Endpoint security manager or custom | Full administrator or custom | Domain Admin or Delegated GPO access |
|
||||||
|Cloud or on premises | Cloud | On premises | On premises |
|
|Cloud or on premises | Cloud | On premises | On premises |
|
||||||
|Server components required? | | | |
|
|Server components required? | | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Additional agent required? | No (device enrollment only) | Configuration Manager client | MBAM client |
|
|Additional agent required? | No (device enrollment only) | Configuration Manager client | MBAM client |
|
||||||
|Administrative plane | Microsoft Endpoint Manager
|
|Administrative plane | Microsoft Endpoint Manager admin center | Configuration Manager console | Group Policy Management Console and MBAM sites |
|
||||||
admin center | Configuration Manager console | Group Policy Management Console
|
|Administrative portal installation required | | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
and MBAM sites |
|
|Compliance reporting capabilities | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Administrative portal installation required | | | |
|
|Force encryption | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Compliance reporting capabilities | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot.png" alt-text="dot"::: | :::image type="content" source="images/dot.png" alt-text="dot"::: |
|
|Encryption for storage cards (mobile) | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: | |
|
||||||
|Force encryption | :::image type="content" source="images/dot.png" alt-text="dot"::: | :::image type="content" source="images/dot.png" alt-text="dot"::: | :::image type="content" source="images/dot.png" alt-text="dot"::: |
|
|Allow recovery password | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Encryption for storage cards (mobile) | :::image type="content" source="images/dot.png" alt-text="dot"::: | :::image type="content" source="images/dot.png" alt-text="dot"::: | |
|
|Manage startup authentication | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Allow recovery password | | | |
|
|Select cipher strength and algorithms for fixed drives | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Manage startup authentication | | | |
|
|Select cipher strength and algorithms for removable drives | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Select cipher strength and algorithms for fixed
|
|Select cipher strength and algorithms for operating environment drives | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
drives | | | |
|
|
||||||
|Select cipher strength and algorithms for
|
|
||||||
removable drives | | | |
|
|
||||||
|Select cipher strength and algorithms for operating
|
|
||||||
environment drives | | | |
|
|
||||||
|Standard recovery password storage location | Azure AD or
|
|Standard recovery password storage location | Azure AD or
|
||||||
Active Directory | Configuration Manager site database | MBAM database |
|
Active Directory | Configuration Manager site database | MBAM database |
|
||||||
|Store recovery password for operating system and
|
|Store recovery password for operating system and
|
||||||
fixed drives to Azure AD or Active Directory | Yes (Active Directory and
|
fixed drives to Azure AD or Active Directory | Yes (Active Directory and
|
||||||
Azure AD) | Yes (Active Directory only) | Yes (Active Directory only) |
|
Azure AD) | Yes (Active Directory only) | Yes (Active Directory only) |
|
||||||
|Customize preboot message and recovery link | | | |
|
|Customize preboot message and recovery link | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Allow/deny key file creation | | | |
|
|Allow/deny key file creation | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Deny Write permission to unprotected drives | | | |
|
|Deny Write permission to unprotected drives | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Can be administered outside company network | | | |
|
|Can be administered outside company network | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: | |
|
||||||
|Support for organization unique IDs | | | |
|
|Support for organization unique IDs | | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Self-service recovery | Yes (through Azure AD or
|
|Self-service recovery | Yes (through Azure AD or Company Portal app) | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
Company Portal app) | | |
|
|Recovery password rotation for fixed and operating environment drives | Yes (Windows 10, version 1909 and later) | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Recovery password rotation for fixed and operating environment drives | Yes (Windows 10, version 1909 and later) | | |
|
|Wait to complete encryption until recovery information is backed up to Azure AD | :::image type="content" source="images/dot1.png" alt-text="dot"::: | | |
|
||||||
|Wait to complete encryption until recovery information is backed up to Active Directory | | | |
|
|Wait to complete encryption until recovery information is backed up to Active Directory | | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Allow or deny Data Recovery Agent | | | |
|
|Allow or deny Data Recovery Agent | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Unlock a volume using certificate with custom object identifier | | | |
|
|Unlock a volume using certificate with custom object identifier | | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Prevent memory overwrite on restart | | | |
|
|Prevent memory overwrite on restart | | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Configure custom Trusted Platform Module Platform Configuration Register profiles | | | |
|
|Configure custom Trusted Platform Module Platform Configuration Register profiles | | | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Manage auto-unlock functionality | | | |
|
|Manage auto-unlock functionality | | :::image type="content" source="images/dot1.png" alt-text="dot"::: | :::image type="content" source="images/dot1.png" alt-text="dot"::: |
|
||||||
|Row6 | | | |
|
|
||||||
|Row7 | | | |
|
|
||||||
|Row6 | | | |
|
|
||||||
|Row7 | | | |
|
|
||||||
|Row6 | | | |
|
|
||||||
|Row7 | | | |
|
|
||||||
|Row6 | | | |
|
|
||||||
|Row7 | | | |
|
|
||||||
|Row6 | | | |
|
|
||||||
|Row7 | | | |
|
|
||||||
|Row6 | | | |
|
|
||||||
|Row7 | | | |
|
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user