|
| 1 | +--- |
| 2 | +# required metadata |
| 3 | +title: Data encryption in Windows 365 |
| 4 | +titleSuffix: |
| 5 | +description: Learn about data encryption in Windows 365. |
| 6 | +keywords: |
| 7 | +author: ErikjeMS |
| 8 | +ms.author: erikje |
| 9 | +manager: dougeby |
| 10 | +ms.date: 01/05/2022 |
| 11 | +ms.topic: overview |
| 12 | +ms.service: cloudpc |
| 13 | +ms.subservice: |
| 14 | +ms.localizationpriority: high |
| 15 | +ms.technology: |
| 16 | +ms.assetid: |
| 17 | + |
| 18 | +# optional metadata |
| 19 | + |
| 20 | +#ROBOTS: |
| 21 | +#audience: |
| 22 | + |
| 23 | +ms.reviewer: anbiswas |
| 24 | +ms.suite: ems |
| 25 | +search.appverid: MET150 |
| 26 | +#ms.tgt_pltfrm: |
| 27 | +ms.custom: intune-azure; get-started |
| 28 | +ms.collection: M365-identity-device-management |
| 29 | +--- |
| 30 | + |
| 31 | +# Data encryption in Windows 365 |
| 32 | + |
| 33 | +Windows 365 encrypts data at rest and in transit as explained below. |
| 34 | + |
| 35 | +## Encryption of data at rest |
| 36 | + |
| 37 | +To help you protect your organization's data, Windows 365 Enterprise and Business Cloud PC disks are encrypted with [Azure Storage server-side encryption (SSE)](/azure/storage/common/storage-service-encryption). |
| 38 | + |
| 39 | +This storage layer encryption provides the following benefits: |
| 40 | + |
| 41 | +- When persisting data to the cloud, data at rest on your Microsoft-hosted Cloud PC's disk is automatically encrypted. |
| 42 | +- Windows 365 Cloud PC disks are encrypted transparently using 256-bit Advanced Encryption Standard (AES) encryption, a modern block cipher, and is FIPS 140-2 compliant. The encryption at this layer doesn't impact Cloud PC performance. |
| 43 | +- The encryption is applied to every Cloud PC in every region at no extra cost. |
| 44 | + |
| 45 | +The following Windows 365 Enterprise and Business objects are automatically encrypted-at-rest with platform-managed keys: |
| 46 | + - Disks |
| 47 | + - Snapshots |
| 48 | + - Images |
| 49 | + |
| 50 | +Windows 365 as a service treats all data stored on Windows 365 disks as customer content. For more information, see [Privacy and personal data in Windows 365](/windows-365/enterprise/privacy-personal-data). |
| 51 | + |
| 52 | +## Encryption of data in transit |
| 53 | + |
| 54 | +Windows 365 uses the Transport Layer Security (TLS) protocol to protect data in transit. TLS provides: |
| 55 | + |
| 56 | +- Strong authentication |
| 57 | +- Message privacy and integrity (enabling detection of message tampering, interception, and forgery) |
| 58 | +- Interoperability |
| 59 | +- Algorithm flexibility |
| 60 | +- Ease of deployment and use |
| 61 | + |
| 62 | +TLS 1.2 is used for all connections started from Windows 365 to the Azure Virtual Desktop infrastructure components. These components use the same TLS 1.2 ciphers as [Azure Front Door](/azure/frontdoor/concept-end-to-end-tls#supported-cipher-suites). |
| 63 | + |
| 64 | +<!-- ########################## --> |
| 65 | +## Next steps |
| 66 | + |
| 67 | +For more information about the cryptographic modules underlying Azure managed disks, see [Cryptography API: Next Generation](/windows/desktop/seccng/cng-portal). |
| 68 | + |
| 69 | +For more information on network connectivity and encryption of the RDP remoting connection, see [Understanding Azure Virtual Desktop network connectivity](/azure/virtual-desktop/network-connectivity). |
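Review bot: In the second bullet under "Encryption of data at rest" (new line 42), the clause "and is FIPS 140-2 compliant" has no clear subject, so the sentence reads as if the disks or AES itself carry the compliance claim. FIPS 140-2 is a standard for cryptographic modules, and the "Next steps" section already links to the modules underlying Azure managed disks. Suggest splitting the sentence and attaching the claim to the encryption implementation, for example "... using 256-bit AES encryption. The encryption is FIPS 140-2 compliant." In the "Encryption of data in transit" section, the TLS 1.2 statement on new line 62 only covers "connections started from Windows 365 to the Azure Virtual Desktop infrastructure components", so consider saying whether the connection from the user's client is covered here or only in the linked network connectivity article.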