Personal Data Encryption CSP

The Personal Data Encryption configuration service provider (CSP) is used by the enterprise to protect data confidentiality of PCs and devices. This CSP was added in Windows 11, version 22H2.

The following list shows the Personal Data Encryption configuration service provider nodes:

EnablePersonalDataEncryption

Scope: ❌ Device, ✅ User
Editions: ❌ Pro, ✅ Enterprise, ✅ Education, ❌ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC
Applicable OS: ✅ Windows 11, version 22H2 [10.0.22621] and later

./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption

Allows the admin to enable Personal Data Encryption. Set to '1' to enable this policy.

The UserDataProtectionManager Class public API allows applications running as the user to encrypt data as soon as this policy is enabled. However, prerequisites must be met for Personal Data Encryption to be enabled.

Description framework properties:

Property name | Property value
Format | int
Access Type | Add, Delete, Get, Replace

Allowed values:

Value | Description
0 | Disable Personal Data Encryption.
1 | Enable Personal Data Encryption.

ProtectFolders

Scope: ❌ Device, ✅ User
Editions: ❌ Pro, ✅ Enterprise, ✅ Education, ❌ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC
Applicable OS: ✅ Windows 11, version 24H2 [10.0.26100] and later

./User/Vendor/MSFT/PDE/ProtectFolders

Description framework properties:

Property name | Property value
Format | node
Access Type | Get

ProtectFolders/ProtectDesktop

Scope: ❌ Device, ✅ User
Editions: ❌ Pro, ✅ Enterprise, ✅ Education, ❌ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC
Applicable OS: ✅ Windows 11, version 24H2 [10.0.26100] and later

./User/Vendor/MSFT/PDE/ProtectFolders/ProtectDesktop

Allows the admin to enable Personal Data Encryption on the Desktop folder. Set to '1' to enable this policy.

Description framework properties:

Property name | Property value
Format | int
Access Type | Add, Delete, Get, Replace
Dependency [EnablePersonalDataEncryptionDependency] | Dependency Type: DependsOn; Dependency URI: User/Vendor/MSFT/PDE/EnablePersonalDataEncryption; Dependency Allowed Value: 1; Dependency Allowed Value Type: ENUM

Allowed values:

Value | Description
0 | Disable Personal Data Encryption on the folder. If the folder is currently protected by Personal Data Encryption, this will result in unprotecting the folder.
1 | Enable Personal Data Encryption on the folder.

ProtectFolders/ProtectDocuments

Scope: ❌ Device, ✅ User
Editions: ❌ Pro, ✅ Enterprise, ✅ Education, ❌ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC
Applicable OS: ✅ Windows 11, version 24H2 [10.0.26100] and later

./User/Vendor/MSFT/PDE/ProtectFolders/ProtectDocuments

Allows the admin to enable Personal Data Encryption on the Documents folder. Set to '1' to enable this policy.

Description framework properties:

Property name | Property value
Format | int
Access Type | Add, Delete, Get, Replace
Dependency [EnablePersonalDataEncryptionDependency] | Dependency Type: DependsOn; Dependency URI: User/Vendor/MSFT/PDE/EnablePersonalDataEncryption; Dependency Allowed Value: 1; Dependency Allowed Value Type: ENUM

Allowed values:

Value | Description
0 | Disable Personal Data Encryption on the folder. If the folder is currently protected by Personal Data Encryption, this will result in unprotecting the folder.
1 | Enable Personal Data Encryption on the folder.

ProtectFolders/ProtectPictures

Scope: ❌ Device, ✅ User
Editions: ❌ Pro, ✅ Enterprise, ✅ Education, ❌ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC
Applicable OS: ✅ Windows 11, version 24H2 [10.0.26100] and later

./User/Vendor/MSFT/PDE/ProtectFolders/ProtectPictures

Allows the admin to enable Personal Data Encryption on the Pictures folder. Set to '1' to enable this policy.

Description framework properties:

Property name | Property value
Format | int
Access Type | Add, Delete, Get, Replace
Dependency [EnablePersonalDataEncryptionDependency] | Dependency Type: DependsOn; Dependency URI: User/Vendor/MSFT/PDE/EnablePersonalDataEncryption; Dependency Allowed Value: 1; Dependency Allowed Value Type: ENUM

Allowed values:

Value | Description
0 | Disable Personal Data Encryption on the folder. If the folder is currently protected by Personal Data Encryption, this will result in unprotecting the folder.
1 | Enable Personal Data Encryption on the folder.
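
The access types, allowed values and DependsOn rule of the settable nodes above can be checked before a profile is deployed. The following is an added example, not Microsoft's code: it lints a {node: value} profile and then emits OMA-DM SyncML Replace commands. The function names, treating the profile as complete, and sending the parent policy first are assumptions of this example.

```python
from xml.sax.saxutils import escape

BASE = "./User/Vendor/MSFT/PDE"
ENABLE = "EnablePersonalDataEncryption"
# Settable int nodes from this page; each one depends on ENABLE being 1.
FOLDER_NODES = ("ProtectFolders/ProtectDesktop", "ProtectFolders/ProtectDocuments",
                "ProtectFolders/ProtectPictures")
# Nodes whose access type on this page is Get only.
READ_ONLY = ("ProtectFolders", "Status", "Status/FolderProtectionStatus",
             "Status/FoldersProtected", "Status/PersonalDataEncryptionStatus")

def lint_profile(profile):
    """Return problems found in a {node: value} profile; an empty list means OK.
    Assumption: the profile is complete, so ENABLE must be set in it too."""
    problems = []
    for node, value in profile.items():
        if node in READ_ONLY:
            problems.append(f"{node}: access type is Get only, cannot be set")
        elif node != ENABLE and node not in FOLDER_NODES:
            problems.append(f"{node}: not a node of the PDE CSP")
        elif type(value) is not int or value not in (0, 1):  # rejects True/False too
            problems.append(f"{node}: allowed values are 0 and 1, got {value!r}")
    for node in FOLDER_NODES:
        if profile.get(node) == 1 and profile.get(ENABLE) != 1:
            problems.append(f"{node}: depends on {ENABLE} = 1")
    return problems

def to_syncml(profile):
    """Emit one Replace per node, ENABLE first (conservative ordering, an assumption)."""
    problems = lint_profile(profile)
    if problems:
        raise ValueError("; ".join(problems))
    ordered = sorted(profile, key=lambda n: n != ENABLE)  # stable sort, ENABLE leads
    cmds = []
    for cmd_id, node in enumerate(ordered, start=1):
        cmds.append(
            f"<Replace><CmdID>{cmd_id}</CmdID><Item>"
            f"<Target><LocURI>{escape(BASE + '/' + node)}</LocURI></Target>"
            '<Meta><Format xmlns="syncml:metinf">int</Format></Meta>'
            f"<Data>{profile[node]}</Data></Item></Replace>")
    return ('<SyncML xmlns="SYNCML:SYNCML1.2"><SyncBody>' + "".join(cmds)
            + "<Final/></SyncBody></SyncML>")

if __name__ == "__main__":
    print(to_syncml({"ProtectFolders/ProtectDesktop": 1, ENABLE: 1}))
```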

Status

Scope: ❌ Device, ✅ User
Editions: ❌ Pro, ✅ Enterprise, ✅ Education, ❌ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC
Applicable OS: ✅ Windows 11, version 22H2 [10.0.22621] and later

./User/Vendor/MSFT/PDE/Status

Reports the current status of Personal Data Encryption for the user.

  • If prerequisites of Personal Data Encryption aren't met, then the status will be 0.
  • If all prerequisites are met for Personal Data Encryption, then Personal Data Encryption will be enabled and status will be 1.

Description framework properties:

Property name | Property value
Format | node
Access Type | Get

Status/FolderProtectionStatus

Scope: ❌ Device, ✅ User
Editions: ❌ Pro, ✅ Enterprise, ✅ Education, ❌ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC
Applicable OS: ✅ Windows 11, version 24H2 [10.0.26100] and later

./User/Vendor/MSFT/PDE/Status/FolderProtectionStatus

This node reports folder protection status for a user.

Description framework properties:

Property name | Property value
Format | int
Access Type | Get

Allowed values:

Value | Description
0 | Protection not started.
1 | Protection is completed with no failures.
2 | Protection in progress.
3 | Protection failed.

Status/FoldersProtected

Scope: ❌ Device, ✅ User
Editions: ❌ Pro, ✅ Enterprise, ✅ Education, ❌ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC
Applicable OS: ✅ Windows 11, version 24H2 [10.0.26100] and later

./User/Vendor/MSFT/PDE/Status/FoldersProtected

This node reports all folders (full path to each folder) that have been protected.

Description framework properties:

Property name | Property value
Format | chr (string)
Access Type | Get

Status/PersonalDataEncryptionStatus

Scope: ❌ Device, ✅ User
Editions: ❌ Pro, ✅ Enterprise, ✅ Education, ❌ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC
Applicable OS: ✅ Windows 11, version 22H2 [10.0.22621] and later

./User/Vendor/MSFT/PDE/Status/PersonalDataEncryptionStatus

This node reports the current state of Personal Data Encryption for a user. '0' means disabled. '1' means enabled.

Description framework properties:

Property name | Property value
Format | int
Access Type | Get
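
The Status nodes are what tells an administrator whether a deployed policy actually took effect. The following is an added example, not Microsoft's code: it compares the deployed policy values with Status readings and returns a verdict per user. The function names, the verdict labels and the sample readings are constructed for this example; FoldersProtected is not parsed because the page does not give its string layout.

```python
FOLDER_STATUS = {0: "Protection not started", 1: "Protection is completed with no failures",
                 2: "Protection in progress", 3: "Protection failed"}
FOLDER_POLICIES = ("ProtectFolders/ProtectDesktop", "ProtectFolders/ProtectDocuments",
                   "ProtectFolders/ProtectPictures")

def evaluate(intended, reported):
    """Compare deployed policy values with Status/* readings.
    Returns (verdict, reasons); verdict is 'compliant', 'pending' or 'non-compliant'."""
    failures, pending = [], []
    want_pde = intended.get("EnablePersonalDataEncryption") == 1
    pde = reported.get("Status/PersonalDataEncryptionStatus")
    if want_pde and pde != 1:
        failures.append(f"policy enabled but PersonalDataEncryptionStatus is {pde!r} "
                        "(0 means prerequisites are not met)")
    if not want_pde and pde == 1:  # treated as drift in this example
        failures.append("PersonalDataEncryptionStatus is 1 but the policy is not enabled")
    wanted = [n.split("/")[1] for n in FOLDER_POLICIES if intended.get(n) == 1]
    if wanted:
        fps = reported.get("Status/FolderProtectionStatus")
        label = FOLDER_STATUS.get(fps, f"unexpected value {fps!r}")
        if fps is None:  # node exists only on 24H2 and later, per this page
            failures.append("FolderProtectionStatus not reported; the node needs "
                            "Windows 11, version 24H2 or later")
        elif fps in (0, 2):
            pending.append(f"{', '.join(wanted)}: {label}")
        elif fps != 1:
            failures.append(f"{', '.join(wanted)}: {label}")
    verdict = "non-compliant" if failures else "pending" if pending else "compliant"
    return verdict, failures + pending

# Constructed sample readings for three users (not real telemetry).
INTENDED = {"EnablePersonalDataEncryption": 1, "ProtectFolders/ProtectDocuments": 1}
SAMPLE = {
    "alice": {"Status/PersonalDataEncryptionStatus": 1, "Status/FolderProtectionStatus": 1},
    "bob": {"Status/PersonalDataEncryptionStatus": 0, "Status/FolderProtectionStatus": 0},
    "carol": {"Status/PersonalDataEncryptionStatus": 1, "Status/FolderProtectionStatus": 3},
}

def fleet_report(intended=INTENDED, sample=SAMPLE):
    """Map each user to the verdict for their readings."""
    return {user: evaluate(intended, r)[0] for user, r in sample.items()}

if __name__ == "__main__":
    for user, verdict in fleet_report().items():
        print(user, verdict)
```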
