Edit

Share via


Frequently asked questions for Personal Data Encryption

Here are some answers to common questions regarding Personal Data Encryption

General

Can Personal Data Encryption encrypt entire volumes or drives?

No, Personal Data Encryption only encrypts specified files and content.

How are files and content protected by Personal Data Encryption selected?

Personal Data Encryption APIs are used to select which files and content are protected using Personal Data Encryption.

Can users manually encrypt and decrypt files with Personal Data Encryption?

Currently users can decrypt files manually but they can't encrypt files manually. For information on how a user can manually decrypt a file, see the section Decrypt encrypted content.

Can Personal Data Encryption protected content be accessed after signing on via a Remote Desktop connection (RDP)?

No, it's not supported to access protected content over RDP.

Can Personal Data Encryption protected content be accessed via a network share?

No, Personal Data Encryption protected content can only be accessed after signing on locally to Windows with Windows Hello for Business credentials.

What encryption method and strength does Personal Data Encryption use?

Personal Data Encryption uses AES-CBC with a 256-bit key to encrypt content.

Personal Data Encryption and other Windows features

What is the relation between Windows Hello for Business and Personal Data Encryption?

During user sign-on, Windows Hello for Business unlocks the keys that Personal Data Encryption uses to protect content.

If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their Personal Data Encryption protected content?

No, the keys used by Personal Data Encryption to protect content are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics.

Can a file be protected with both Personal Data Encryption and EFS at the same time?

No, Personal Data Encryption and EFS are mutually exclusive.

Is Personal Data Encryption a replacement for BitLocker?

No, it's recommended to encrypt all volumes with BitLocker Drive Encryption for increased security.

Do I need to use OneDrive in Microsoft 365 as my backup provider?

No, Personal Data Encryption doesn't have a requirement for a backup provider, including OneDrive in Microsoft 365. However, backups are recommended in case the keys used by Personal Data Encryption to protect files are lost. OneDrive in Microsoft 365 is a recommended backup provider.