Applies To: Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 8

This topic for the advanced user and IT professional describes the BitLocker Drive Encryption functionality that is new or changed in Windows Server 2012 R2, Windows Server 2012, Windows 8.1, and Windows 8.

What’s new in BitLocker in Windows Server 2012 R2 and Windows 8.1
What’s new in BitLocker in Windows Server 2012 and Windows 8

In Windows Server 2012 R2 and Windows 8.1, BitLocker offers enhanced support in the following areas:
FIPS support for recovery password protector

BitLocker provides support for device encryption on x86 and x64-based computers with a TPM that supports connected stand-by. Previously this form of encryption was only available on Windows RT devices.

Device encryption helps protect data on your Windows PC. It helps block malicious users from accessing the system files they rely on to discover your password, or from accessing your drive by physically removing it from your PC and installing it in a different one. You can still sign in to Windows and use your files as you normally would.

Device encryption protects the operating system drive and any fixed data drives on the system using AES 128-bit encryption. Device encryption can be used with either a Microsoft Account or a domain account.

To support device encryption, the system must support connected standby and meet the Windows Hardware Certification Kit (HCK) requirements for TPM and SecureBoot on ConnectedStandby systems. The prerequisites are listed in the following sections:
General device encryption requirements.
System.Fundamentals – Connected standby systems requirements.
UEFISecureBoot.ConnectedStandby- Requirements for TPM 2.0 and Secure Boot for connected standby systems.

Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected. The following list outlines the way this is accomplished:

When a clean install of Windows 8.1 is completed the computer is prepared for first use. As part of this preparation, device encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state).

If the device is not domain-joined, a Microsoft Account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to the online Microsoft account, and the TPM protector is created. Should a device require the recovery key, the user will be guided to use an alternate device and navigate to a recovery key access URL to retrieve the recovery key using their Microsoft Account credentials.

If the user signs in using a domain account, the clear key is not removed until the user joins the device to a domain (on x86/x64 platforms) and the recovery key is successfully backed up to Active Directory Domain Services. The Group Policy setting Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives must be enabled and the option Do not enable BitLocker until recovery information is stored in AD DS for operating system drives should be selected. With this configuration the recovery password will be automatically created when the computer joins the domain, then the recovery key will be backed up to AD DS, the TPM protector is created, and the clear key is removed.

For more information about the recovery key and how to access it, see Recovery keys: Frequently asked questions.

If you have performed a clean install of Windows 8.1, device encryption is turned on by default. If you have upgraded a previous Windows installation to Windows 8.1, you can turn device encryption on by using PC info.

To open PC info, swipe in from the right edge of the screen, tap Settings, and then tap Change PC settings.
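
The states a drive passes through under device encryption (clear key first, then a TPM protector plus a backed-up recovery password) can be audited from PowerShell. This is an added example, not part of the original topic: the function name Get-DeviceEncryptionState and the sample objects are constructed for illustration, and the function reads only properties that Get-BitLockerVolume returns.

```powershell
# Added example: classify volumes by the device-encryption states described above.
# Accepts Get-BitLockerVolume output or the constructed sample objects below.
function Get-DeviceEncryptionState {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] [object]$Volume)
    process {
        $types       = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $hasTpm      = $types -contains 'Tpm'
        $hasRecovery = $types -contains 'RecoveryPassword'
        $encrypted   = "$($Volume.VolumeStatus)" -eq 'FullyEncrypted'
        $protected   = "$($Volume.ProtectionStatus)" -eq 'On'
        $isOsDrive   = "$($Volume.VolumeType)" -eq 'OperatingSystem'

        # Assumption: the TPM + recovery password pair is only required on the
        # operating system drive; data drives are judged on ProtectionStatus.
        $state = if (-not $encrypted) { 'NotEncrypted' }
                 elseif (-not $protected) { 'ClearKey' }      # suspended-equivalent state
                 elseif ($isOsDrive -and -not ($hasTpm -and $hasRecovery)) { 'MissingProtector' }
                 else { 'Protected' }

        [pscustomobject]@{
            MountPoint       = $Volume.MountPoint
            State            = $state
            EncryptionMethod = "$($Volume.EncryptionMethod)"
            Protectors       = ($types -join ',')
            NeedsAttention   = $state -ne 'Protected'
        }
    }
}

# Constructed sample input (not captured from a real machine).
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeType = 'OperatingSystem'
        VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'Off'
        EncryptionMethod = 'Aes128'; KeyProtector = @() },
    [pscustomobject]@{ MountPoint = 'D:'; VolumeType = 'OperatingSystem'
        VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On'
        EncryptionMethod = 'Aes128'; KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'Tpm' },
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) }
)
$sample | Get-DeviceEncryptionState | Format-Table -AutoSize

# On a real machine, from an elevated session:
#   Get-BitLockerVolume | Get-DeviceEncryptionState
```

A volume reported as ClearKey is encrypted on disk but not yet protected, which is the state a device stays in until the Microsoft account or domain sign-in path completes recovery key backup.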