Edit

Frequently asked questions for Personal Data Encryption (PDE)

Here are some answers to common questions regarding Personal Data Encryption (PDE)

General

Can PDE encrypt entire volumes or drives?

No, PDE only encrypts specified files and content.

How are files and content protected by PDE selected?

PDE APIs are used to select which files and content are protected using PDE.

Can users manually encrypt and decrypt files with PDE?

Currently users can decrypt files manually but they can't encrypt files manually. For information on how a user can manually decrypt a file, see the section Decrypt PDE-encrypted content.

Can PDE protected content be accessed after signing on via a Remote Desktop connection (RDP)?

No, it's not supported to access PDE-protected content over RDP.

Can PDE protected content be accessed via a network share?

No, PDE protected content can only be accessed after signing on locally to Windows with Windows Hello for Business credentials.

What encryption method and strength does PDE use?

PDE uses AES-CBC with a 256-bit key to encrypt content.

PDE and other Windows features

What is the relation between Windows Hello for Business and PDE?

During user sign-on, Windows Hello for Business unlocks the keys that PDE uses to protect content.

If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their PDE protected content?

No, the keys used by PDE to protect content are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics.

Can a file be protected with both PDE and EFS at the same time?

No, PDE and EFS are mutually exclusive.

Is PDE a replacement for BitLocker?

No, it's recommended to encrypt all volumes with BitLocker Drive Encryption for increased security.

Do I need to use OneDrive in Microsoft 365 as my backup provider?

No, PDE doesn't have a requirement for a backup provider, including OneDrive in Microsoft 365. However, backups are recommended in case the keys used by PDE to protect files are lost. OneDrive in Microsoft 365 is a recommended backup provider.