Let’s learn how to enable or disable Personal Data Encryption (PDE) on Windows 11 devices using the Settings Catalog. The settings catalog boasts extensive configurations, offering administrators abundant options to customize and deploy on their devices.
Microsoft Intune settings catalog is a vast toolkit to fine-tune managed devices according to organizational needs and requirements. One notable inclusion in the settings catalog is the option to enable or disable Personal Data Encryption (PDE). This is a new feature that the Microsoft Intune team added as part of the Intune 2305 release (quick walkthrough video).
PDE was introduced in Windows 11 version 22H2. It is a new security feature that enhances encryption capabilities within Windows devices. With PDE, users can benefit from advanced encryption features that offer heightened protection for their data.
With PDE, administrators can selectively encrypt specific files and content, enhancing the security of sensitive information at a granular level. This approach provides flexibility and efficiency, as only the most critical data is encrypted, minimizing overhead and maximizing data protection.
What is Personal Data Encryption or PDE?
Personal Data Encryption (PDE) is a security feature that brings an additional layer of encryption capabilities to Windows. By leveraging PDE’s file-level encryption capabilities alongside other encryption methods, administrators can effectively safeguard sensitive data, ensuring a robust and resilient security posture across their Windows environment.
Windows CSP Details EnablePersonalDataEncryption
Let’s see the Windows CSP details for EnablePersonalDataEncryption. The enterprise utilizes the Personal Data Encryption (PDE) configuration service provider (CSP) to safeguard data confidentiality on PCs and devices.
- This CSP was introduced with Windows 11, version 22H2.
Allowed Value | Description |
---|---|
0 | Disable Personal Data Encryption |
1 | Enable Personal Data Encryption |
CSP URI – ./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption
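The Settings Catalog toggle ultimately sets the CSP node above. As an added example (not from the original article or from Microsoft), the following Python builds the SyncML Replace command for that node and audits a payload for wrong scope, format or value. The function names and the sample payload are hypothetical; the SyncML envelope follows the standard OMA-DM layout and the integer format is assumed from the 0/1 values in the table.

```python
import xml.etree.ElementTree as ET

# CSP URI and allowed values are taken from the page; everything else is illustrative.
PDE_URI = "./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption"
ALLOWED = {"0": "Disable Personal Data Encryption", "1": "Enable Personal Data Encryption"}
NS = {"s": "SYNCML:SYNCML1.2", "m": "syncml:metinf"}

def build_pde_syncml(value, cmd_id=1):
    """Return a SyncML Replace command that sets the PDE node to 0 or 1."""
    if str(value) not in ALLOWED:
        raise ValueError(f"value must be 0 or 1, got {value!r}")
    return (
        '<SyncML xmlns="SYNCML:SYNCML1.2"><SyncBody><Replace>'
        f"<CmdID>{cmd_id}</CmdID><Item>"
        f"<Target><LocURI>{PDE_URI}</LocURI></Target>"
        '<Meta><Format xmlns="syncml:metinf">int</Format></Meta>'
        f"<Data>{value}</Data>"
        "</Item></Replace></SyncBody></SyncML>"
    )

def audit_pde_syncml(xml_text):
    """List every Add/Replace item that targets the PDE node, with any problems found."""
    findings = []
    root = ET.fromstring(xml_text)
    for cmd in ("Add", "Replace"):
        for item in root.iterfind(f".//s:{cmd}/s:Item", NS):
            uri = (item.findtext("s:Target/s:LocURI", "", NS) or "").strip()
            if not uri.lower().endswith("/pde/enablepersonaldataencryption"):
                continue  # some other CSP node, not our concern
            fmt = (item.findtext("s:Meta/m:Format", "", NS) or "").strip()
            data = (item.findtext("s:Data", "", NS) or "").strip()
            problems = []
            if uri.lower() != PDE_URI.lower():
                problems.append(f"unexpected scope or path: {uri}")
            if fmt != "int":
                problems.append(f"format is {fmt!r}, expected 'int'")
            if data not in ALLOWED:
                problems.append(f"data {data!r} is not 0 or 1")
            findings.append({"command": cmd, "state": ALLOWED.get(data), "problems": problems})
    return findings

# Constructed sample: a payload that wrongly targets device scope with a boolean string.
BAD_SAMPLE = build_pde_syncml(1).replace("./User/", "./Device/").replace("<Data>1<", "<Data>true<")
```

Running `audit_pde_syncml(BAD_SAMPLE)` reports both the device-scope path and the non-integer value, the two mistakes most likely when the node is configured by hand instead of through the Settings Catalog.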
Enable or Disable Personal Data Encryption on Windows 11 Devices using the Settings Catalog
You can easily enable Personal Data Encryption on Windows 11 devices using Intune. By default, Personal Data Encryption for Windows 11 devices is disabled in the Intune settings catalog. To enable Personal Data Encryption using Intune, follow the steps below.
- Sign in to the Intune Admin Center portal
- Select Devices > Windows > Configuration profiles > Create a profile.
- In Create Profile, select Windows 10 and later as the Platform.
- Select Settings catalog as the Profile Type. Click the Create button.
On the Basics tab, you can provide a name for the policy, such as “Personal Data Encryption”. Optionally, you can enter a description for the policy and then proceed by selecting the Next button.
Microsoft Intune provides a comprehensive range of settings and features that empower organizations to customize and manage various aspects of their devices. With Intune, you can enable or disable specific functionalities on different devices deployed throughout your organization.
- Now, in Configuration settings, click Add Settings to browse or search the catalog for the settings you want to configure.
The settings picker window lets you look up settings by keyword. Search for Personal Data Encryption in the search box. Select PDE from the search results. The settings picker window shows only 1 result in the PDE category.
- Check the Enable Personal Data Encryption setting.
On the Configuration settings page, you can easily enable Personal Data Encryption. By default, Personal Data Encryption is disabled. Click the Next button.
Configuration Settings | Enable/Disable |
---|---|
Enable Personal Data Encryption | Toggle the pane to the Right side |
Disable Personal Data Encryption | Toggle the Pane to the Left side |
Scope tags help you to determine which objects admins can see. Every object in Microsoft Intune needs to have at least one scope tag assigned. Select the Scope tags as default. Click the Next button from the below window.
The Assignments section for creating Personal Data Encryption shows the included and excluded groups. The included groups offer the options such as Add groups, Add all users, and Add all devices.
Note! – When excluding groups, you cannot mix user and service groups across include and exclude.
Within the Review + Create tab, examining the settings you have configured carefully is essential. Once satisfied with the changes, a simple click on the Create button will permanently save your modifications and assign the profile accordingly.
Reference Site – Microsoft Intune New Features in 2305 | Microsoft Learn
Author
About Author – Vidya is a computer enthusiast. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She loves writing on Windows 11 and related technologies. She is also keen to find solutions and write about day-to-day tech problems.