Windows data protection—Purview Customer Key
All Cloud PCs are encrypted with Azure Storage server-side encryption (SSE) by default. This means all data within the Cloud PCs is automatically encrypted with 256-bit Advanced Encryption Standard (AES) encryption. Therefore, BitLocker is not needed or supported as the Cloud PCs are already encrypted with SSE. On top of that, Windows 365 uses Transport Layer Security (TLS) to ensure the protection of data in transit. Customers can, however, choose to use Purview Customer Key, which offers the flexibility to manage encryption for data at rest.
Use and manage your own encryption key to protect your Cloud PCs. Standard encryption is available with Microsoft-managed keys (sometimes called platform-managed keys).
Figure 9.18: Cloud PC encryption status
You can find the status in the Cloud PC overview – under Encryption status.
Figure 9.19: All Cloud PCs overview
