Here are some answers to common questions regarding Personal Data Encryption
No, Personal Data Encryption only encrypts specified files and content.
Personal Data Encryption APIs are used to select which files and content are protected using Personal Data Encryption.
Currently users can decrypt files manually but they can't encrypt files manually. For information on how a user can manually decrypt a file, see the section Decrypt encrypted content.
Can Personal Data Encryption protected content be accessed after signing on via a Remote Desktop connection (RDP)?
No, it's not supported to access protected content over RDP.
No, Personal Data Encryption protected content can only be accessed after signing on locally to Windows with Windows Hello for Business credentials.
Personal Data Encryption uses AES-CBC with a 256-bit key to encrypt content.
During user sign-on, Windows Hello for Business unlocks the keys that Personal Data Encryption uses to protect content.
If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their Personal Data Encryption protected content?
No, the keys used by Personal Data Encryption to protect content are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics.
No, Personal Data Encryption and EFS are mutually exclusive.
No, it's recommended to encrypt all volumes with BitLocker Drive Encryption for increased security.
No, Personal Data Encryption doesn't have a requirement for a backup provider, including OneDrive in Microsoft 365. However, backups are recommended in case the keys used by Personal Data Encryption to protect files are lost. OneDrive in Microsoft 365 is a recommended backup provider.