Personal Data Encryption CSP
The Personal Data Encryption configuration service provider (CSP) is used by the enterprise to protect data confidentiality of PCs and devices. This CSP was added in Windows 11, version 22H2.
The following list shows the Personal Data Encryption configuration service provider nodes:
- ./User/Vendor/MSFT/PDE
EnablePersonalDataEncryption
Scope | Editions | Applicable OS |
---|---|---|
❌ Device ✅ User |
❌ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 22H2 [10.0.22621] and later |
./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption
Allows the Admin to enable Personal Data Encryption. Set to '1' to set this policy.
The UserDataProtectionManager Class public API allows the applications running as the user to encrypt data as soon as this policy is enabled. However, prerequisites must be met for Personal Data Encryption to be enabled.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Allowed values:
Value | Description |
---|---|
0 | Disable Personal Data Encryption. |
1 | Enable Personal Data Encryption. |
ProtectFolders
Scope | Editions | Applicable OS |
---|---|---|
❌ Device ✅ User |
❌ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 24H2 [10.0.26100] and later |
./User/Vendor/MSFT/PDE/ProtectFolders
Description framework properties:
Property name | Property value |
---|---|
Format | node |
Access Type | Get |
ProtectFolders/ProtectDesktop
Scope | Editions | Applicable OS |
---|---|---|
❌ Device ✅ User |
❌ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 24H2 [10.0.26100] and later |
./User/Vendor/MSFT/PDE/ProtectFolders/ProtectDesktop
Allows the Admin to enable Personal Data Encryption on Desktop folder. Set to '1' to set this policy.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Dependency [EnablePersonalDataEncryptionDependency] | Dependency Type: DependsOn Dependency URI: User/Vendor/MSFT/PDE/EnablePersonalDataEncryption Dependency Allowed Value: 1 Dependency Allowed Value Type: ENUM |
Allowed values:
Value | Description |
---|---|
0 | Disable Personal Data Encryption on the folder. If the folder is currently protected by Personal Data Encryption, this will result in unprotecting the folder. |
1 | Enable Personal Data Encryption on the folder. |
ProtectFolders/ProtectDocuments
Scope | Editions | Applicable OS |
---|---|---|
❌ Device ✅ User |
❌ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 24H2 [10.0.26100] and later |
./User/Vendor/MSFT/PDE/ProtectFolders/ProtectDocuments
Allows the Admin to enable Personal Data Encryption on Documents folder. Set to '1' to set this policy.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Dependency [EnablePersonalDataEncryptionDependency] | Dependency Type: DependsOn Dependency URI: User/Vendor/MSFT/PDE/EnablePersonalDataEncryption Dependency Allowed Value: 1 Dependency Allowed Value Type: ENUM |
Allowed values:
Value | Description |
---|---|
0 | Disable Personal Data Encryption on the folder. If the folder is currently protected by Personal Data Encryption, this will result in unprotecting the folder. |
1 | Enable Personal Data Encryption on the folder. |
ProtectFolders/ProtectPictures
Scope | Editions | Applicable OS |
---|---|---|
❌ Device ✅ User |
❌ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 24H2 [10.0.26100] and later |
./User/Vendor/MSFT/PDE/ProtectFolders/ProtectPictures
Allows the Admin to enable Personal Data Encryption on Pictures folder. Set to '1' to set this policy.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Dependency [EnablePersonalDataEncryptionDependency] | Dependency Type: DependsOn Dependency URI: User/Vendor/MSFT/PDE/EnablePersonalDataEncryption Dependency Allowed Value: 1 Dependency Allowed Value Type: ENUM |
Allowed values:
Value | Description |
---|---|
0 | Disable Personal Data Encryption on the folder. If the folder is currently protected by Personal Data Encryption, this will result in unprotecting the folder. |
1 | Enable Personal Data Encryption on the folder. |
Status
Scope | Editions | Applicable OS |
---|---|---|
❌ Device ✅ User |
❌ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 22H2 [10.0.22621] and later |
./User/Vendor/MSFT/PDE/Status
Reports the current status of Personal Data Encryption for the user.
- If prerequisites of Personal Data Encryption aren't met, then the status will be 0.
- If all prerequisites are met for Personal Data Encryption, then Personal Data Encryption will be enabled and status will be 1.
Description framework properties:
Property name | Property value |
---|---|
Format | node |
Access Type | Get |
Status/FolderProtectionStatus
Scope | Editions | Applicable OS |
---|---|---|
❌ Device ✅ User |
❌ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 24H2 [10.0.26100] and later |
./User/Vendor/MSFT/PDE/Status/FolderProtectionStatus
This node reports folder protection status for a user.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Get |
Allowed values:
Value | Description |
---|---|
0 | Protection not started. |
1 | Protection is completed with no failures. |
2 | Protection in progress. |
3 | Protection failed. |
Status/FoldersProtected
Scope | Editions | Applicable OS |
---|---|---|
❌ Device ✅ User |
❌ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 24H2 [10.0.26100] and later |
./User/Vendor/MSFT/PDE/Status/FoldersProtected
This node reports all folders (full path to each folder) that have been protected.
Description framework properties:
Property name | Property value |
---|---|
Format | chr (string) |
Access Type | Get |
Status/PersonalDataEncryptionStatus
Scope | Editions | Applicable OS |
---|---|---|
❌ Device ✅ User |
❌ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 22H2 [10.0.22621] and later |
./User/Vendor/MSFT/PDE/Status/PersonalDataEncryptionStatus
This node reports the current state of Personal Data Encryption for a user. '0' means disabled. '1' means enabled.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Get |