deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/information-protection/personal-data-encryption/includes/pde-description.md
Frank Rojas 5a904454e7 Update PDE Docs 18
2022-09-19 16:35:04 -04:00

2.1 KiB
Raw Blame History

title, description, author, ms.author, ms.reviewer, manager, ms.topic, ms.prod, ms.technology, ms.localizationpriority, ms.date
title description author ms.author ms.reviewer manager ms.topic ms.prod ms.technology ms.localizationpriority ms.date
Personal Data Encryption (PDE) description Personal Data Encryption (PDE) description include file frankroj frankroj rafals aaroncz how-to windows-client itpro-security medium 09/22/2022

Personal data encryption (PDE) is a security feature introduced in Windows 11, version 22H2 that provides additional encryption features to Windows. PDE differs from BitLocker in that it encrypts individual files instead of whole volumes and disks. PDE occurs in addition to other encryption methods such as BitLocker.

PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. This feature can minimize the number of credentials the user has to remember to gain access to files. For example, when using BitLocker with PIN, a user would need to authenticate twice - once with the BitLocker PIN and a second time with Windows credentials. This requirement requires users to remember two different credentials. With PDE, users only need to enter one set of credentials via Windows Hello for Business.

PDE is also accessibility friendly. For example, The BitLocker PIN entry screen doesn't have accessibility options. PDE however uses Windows Hello for Business, which does have accessibility features.

Unlike BitLocker that releases data encryption keys at boot, PDE doesn't release data encryption keys until a user signs in using Windows Hello for Business. Users will only be able to access their PDE encrypted files once they've signed into Windows using Windows Hello for Business. Additionally, PDE has the ability to also discard the encryption keys when the device is locked.

Note

PDE is currently only available to developers via PDE APIs. There is no user interface in Windows to either enable PDE or encrypt files via PDE. Also, although there is an MDM policy that can enable PDE, there are no MDM policies that can be used to encrypt files via PDE.