mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-23 18:57:22 +00:00
26 lines
1.0 KiB
Markdown
26 lines
1.0 KiB
Markdown
---
|
|
author: paolomatarazzo
|
|
ms.author: paoloma
|
|
ms.date: 09/24/2023
|
|
ms.topic: include
|
|
---
|
|
|
|
### Choose drive encryption method and cipher strength
|
|
|
|
With this policy you can configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually.
|
|
|
|
Recommended settings:
|
|
|
|
- For fixed and operating system drives: `XTS-AES` algorithm
|
|
- For removable drives: `AES-CBC 128-bit` or `AES-CBC 256-bit`
|
|
|
|
If you disable or do not configure this policy setting, BitLocker uses the default encryption method of `XTS-AES 128-bit`.
|
|
|
|
> [!WARNING]
|
|
> This policy doesn't apply to encrypted drives. Encrypted drives utilize their own algorithm, which is set by the drive during partitioning.
|
|
|
|
| | Path |
|
|
|--|--|
|
|
| **CSP** | `./Device/Vendor/MSFT/BitLocker/`[EncryptionMethodByDriveType](/windows/client-management/mdm/bitlocker-csp#encryptionmethodbydrivetype)|
|
|
| **GPO** | **Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption** |
|