Pervasive Device Encryption is new to me. >From http://technet.microsoft.com/en-us/windows/dn140266.aspx Device encryption previously found on Windows RT and Windows Phone 8 is now available in all editions of Windows. It is enabled out of the box and can be configured with additional BitLocker protection and management capability on Windodws 8.1 Pro and Windows 8.1 Enterprise. Consumer devices are automatically encrypted and protected when using a Microsoft account. Data on any Windows connected standby device is automatically protected (encrypted) with device encryption. Organizations that need to manage encryption can easily take add additional BitLocker protection options and manageability to these devices.
Some quick googling reveals that the device hardware must support it. I think this is a good step forward, but for now it's probably a bit limiting, though from what I just read the integration with BitLocker is pretty nice. OTOH, if it's not being used in a Active Directory environment, it requires a MSFT cloud login, where it will store the encryption keys, which is something the more paranoid among us might wish to consider. See also: http://www.welivesecurity.com/wp-content/uploads/2013/11/Windows_8.1_Security_New_Improved.pdf Kurt On Wed, Feb 12, 2014 at 4:36 PM, Michael B. Smith <[email protected]> wrote: > Windows 8.1 has Pervasive Device Encryption -- i.e., encryption support on > all editions of Windows. > > Win8.1 Pro and Win8.1 Enterprise have BitLocker. > > WinRT 8.1 and Win8.1 (Basic) support encryption natively, if the hardware > supports it (WinRT 8.1 requires that the hardware support it). > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Kurt Buff > Sent: Wednesday, February 12, 2014 7:01 PM > To: [email protected] > Subject: Re: [NTSysADM] Whole Disk Encryption > > BitLocker == Enterprise version of Windows, not Pro. > > However, if you have an EA, then absolutely yes. > > Kurt > > On Wed, Feb 12, 2014 at 3:00 PM, Nash Pherson <[email protected]> wrote: >> Assuming your 70 laptops and workstations running Windows, I would >> highly recommend BitLocker. This can be managed with Group Policy for >> more business needs. Those who own MDOP find some additional value in >> deploying MBAM for providing things like self-service PIN resets. >> >> From: [email protected] >> [mailto:[email protected]] >> On Behalf Of Matt Plahtinsky >> Sent: Wednesday, February 12, 2014 4:22 PM >> To: ntsysadm >> Subject: [NTSysADM] Whole Disk Encryption >> >> Hi guys, >> >> I need to start looking into whole disk encryption for about 70 >> laptops and workstation. Doing some quick googling brings up a ton of >> options. Does anyone have experience managing WDE. I've played with >> TrueCrypt but quickly realized that it's not meant for the enterprise >> and gets to be a pain if you need it for more than a few devices. I >> want software that is centrally managed. A plus would be if it could >> also be deployed to mobile devices like company phones and ipads. >> >> I'm going to start playing with different products but hoped that you >> guys might be able to help me narrow down the search to a few good >> contenders. >> >> Thanks >> >> Matt >
