Windows 365 disk and data encryption issue

Sumit Kumar Mishra 41 Reputation points
2023-10-19T04:16:38.8133333+00:00

Hello,

I am somewhat confused by the disk encryption technique used in Microsoft 365 Cloud PC. In a Microsoft article, they state that they secure Windows 365 Cloud PC disks with Azure storage server-side encryption.

I've deployed several Cloud PCs within my tenant and checked the encryption method using a command like 'manage-bde -status', and it indicates that the disk is fully decrypted. Additionally, there are no padlock symbols displayed on the OS or data drives. Below is the screenshot:

This has left me confused because, in the same article, I found a statement that says, "Bitlocker is not supported as an encryption option for Windows 365 Cloud PCs."

I'm in need of a clear understanding of how the encryption of Windows 365 Cloud PC disks or data actually functions.

And how can we find the recovery keys?

Your help would be appreciated. Thanks

Windows 365 Enterprise

1 answer

  1. Crystal-MSFT 46,266 Reputation points Microsoft Vendor
    2023-10-19T06:05:24.18+00:00

    @Sumit Kumar Mishra, Thanks for posting in Q&A.

    Windows 365 Cloud PC disks are encrypted with Azure Storage server-side encryption (SSE). This storage layer encryption provides automatic encryption of data at rest on your Microsoft-hosted Cloud PC's disk. The encryption is transparently applied using 256-bit Advanced Encryption Standard (AES) encryption, a modern block cipher, and is FIPS 140-2 compliant. The encryption is applied to every Cloud PC in every region at no extra cost. Disks, snapshots, and images are automatically encrypted-at-rest with platform-managed keys.

    https://learn.microsoft.com/en-us/windows-365/enterprise/encryption#data-encryption-in-windows-365

    Windows 365 as a service treats all data stored on Windows 365 disks as customer content. The command "manage-bde -status" provides information about all drives on the computer, whether or not they are BitLocker-protected. But as BitLocker is not supported as an encryption option for Windows 365 Cloud PCs, we see the disk is fully decrypted.

    https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/manage-bde-status

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
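
The distinction drawn in the answer above matters for fleet encryption audits: `manage-bde -status` reports only BitLocker state inside the guest OS, so a Cloud PC protected by storage-layer SSE still shows "Fully Decrypted". The following is an added example, not part of the original thread or Microsoft's code. It parses captured `manage-bde -status` text and classifies each volume; the sample output is constructed, and the `storage_sse` flag is a hypothetical input the auditor supplies from inventory.

```python
import re

# Constructed sample of `manage-bde -status` output, modelled on what the
# question describes for a Cloud PC (not captured from a real machine).
SAMPLE = """\
Volume C: [Windows]
[OS Volume]

    Size:                 127.45 GB
    BitLocker Version:    None
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:       None Found
"""

VOLUME_RE = re.compile(r"^Volume[ \t]+(\S+)", re.M)
FIELD_RE = re.compile(r"^[ \t]+([A-Za-z ]+?):[ \t]+(.*\S)[ \t]*$", re.M)

def parse_status(text):
    """Return {volume: {field: value}} from manage-bde -status text."""
    volumes = {}
    starts = list(VOLUME_RE.finditer(text))
    for i, m in enumerate(starts):
        # A volume's fields run until the next "Volume X:" header or EOF.
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        volumes[m.group(1)] = dict(FIELD_RE.findall(text[m.end():end]))
    return volumes

def assess(fields, storage_sse=False):
    """Classify one volume.

    storage_sse is a hypothetical flag set by the auditor (for example,
    the host is inventoried as a Windows 365 Cloud PC). manage-bde runs in
    the guest and cannot observe encryption applied at the storage layer.
    """
    if fields.get("Protection Status", "").startswith("Protection On"):
        return "bitlocker"
    if storage_sse:
        return "storage-layer encryption only (not visible to BitLocker tools)"
    return "no encryption evidence"

if __name__ == "__main__":
    for vol, fields in parse_status(SAMPLE).items():
        print(vol, "->", assess(fields, storage_sse=True))
```
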