Data Protection in Windows 11, Windows 10, and Windows 7
Windows 11 and Windows 10
|When BitLocker is used with a PIN to protect startup, PCs such as kiosks cannot be restarted remotely.||Modern Windows devices are increasingly protected with BitLocker Device Encryption out of the box and support SSO to seamlessly protect the BitLocker encryption keys from cold boot attacks.
Network Unlock allows PCs to start automatically when connected to the internal network.
|When BitLocker is enabled, the provisioning process can take several hours.||BitLocker pre-provisioning, encrypting hard drives, and Used Space Only encryption allow administrators to enable BitLocker quickly on new computers.|
|There is no support for using BitLocker with self-encrypting drives (SEDs).||BitLocker supports offloading encryption to encrypted hard drives.|
|Administrators have to use separate tools to manage encrypted hard drives.||BitLocker supports encrypted hard drives with onboard encryption hardware built in, which allows administrators to use the familiar BitLocker administrative tools to manage them.|
|Encrypting a new flash drive can take more than 20 minutes.||Used Space Only encryption in BitLocker To Go allows users to encrypt removable data drives in seconds.|
|BitLocker could require users to enter a recovery key when system configuration changes occur.||BitLocker requires the user to enter a recovery key only when disk corruption occurs or when he or she loses the PIN or password.|
|Users need to enter a PIN to start the PC, and then their password to sign in to Windows.||Modern Windows devices are increasingly protected with BitLocker Device Encryption out of the box and support SSO to help protect the BitLocker encryption keys from cold boot attacks.|