Edit

Share via

Frequently asked questions for Personal Data Encryption

Here are some answers to common questions regarding Personal Data Encryption

General

Can Personal Data Encryption encrypt entire volumes or drives?

No, Personal Data Encryption only encrypts specified files and content.

How are files and content protected by Personal Data Encryption selected?

Personal Data Encryption APIs are used to select which files and content are protected using Personal Data Encryption.

Can users manually encrypt and decrypt files with Personal Data Encryption?

Currently users can decrypt files manually but they can't encrypt files manually. For information on how a user can manually decrypt a file, see the section Decrypt encrypted content.

Can Personal Data Encryption protected content be accessed after signing on via a Remote Desktop connection (RDP)?

No, it's not supported to access protected content over RDP.

Can Personal Data Encryption protected content be accessed via a network share?

No, Personal Data Encryption protected content can only be accessed after signing on locally to Windows with Windows Hello credentials.

What encryption method and strength does Personal Data Encryption use?

Personal Data Encryption uses AES-CBC with a 256-bit key to encrypt content.

Personal Data Encryption and other Windows features

What is the relation between Windows Hello for Business and Personal Data Encryption?

During user sign-on, Windows Hello unlocks the keys that Personal Data Encryption uses to protect content.

If a user signs into Windows with a password instead of Windows Hello, will they be able to access their Personal Data Encryption protected content?

No, the keys used by Personal Data Encryption to encrypt content are protected by Windows Hello credentials and can only be unlocked when signing on with Windows Hello (PIN or biometrics).

Can a file be protected with both Personal Data Encryption and EFS at the same time?

No, Personal Data Encryption and EFS are mutually exclusive.

Is Personal Data Encryption a replacement for BitLocker?

No, it's recommended to encrypt all volumes with BitLocker Drive Encryption for increased security.

Do I need to use OneDrive in Microsoft 365 as my backup provider?

No, Personal Data Encryption doesn't have a requirement for a backup provider, including OneDrive in Microsoft 365. However, backups are recommended in case the keys used by Personal Data Encryption to protect files are lost. OneDrive in Microsoft 365 is a recommended backup provider.

Are the files encrypted by Personal Data Encryption synced to OneDrive in an encrypted form?

Personal Data Encryption ensures that files are protected from unauthorized access by encrypting them at rest. When files are synced to OneDrive, they are transferred over a secure connection. However, Personal Data Encryption's encryption only applies to local data saved to the disk. Applications accessing the files, including OneDrive when it syncs data, get cleartext data. This means that while Personal Data Encryption protects files on the local disk, the files synced to OneDrive are not encrypted by Personal Data Encryption in the cloud.