deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-23 10:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-drive-encryption-method-and-cipher-strength.md
Paolo Matarazzo ee56ae5d32 moving to includes
2023-09-24 09:09:20 -04:00

1.0 KiB
Raw Blame History

author, ms.author, ms.date, ms.topic
author ms.author ms.date ms.topic
paolomatarazzo paoloma 09/24/2023 include

Choose drive encryption method and cipher strength

With this policy you can configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually.

Recommended settings:

  • For fixed and operating system drives: XTS-AES algorithm
  • For removable drives: AES-CBC 128-bit or AES-CBC 256-bit

If you disable or do not configure this policy setting, BitLocker uses the default encryption method of XTS-AES 128-bit.

Warning

This policy doesn't apply to encrypted drives. Encrypted drives utilize their own algorithm, which is set by the drive during partitioning.

Path
CSP ./Device/Vendor/MSFT/BitLocker/EncryptionMethodByDriveType
GPO Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption