From 1863c622cd32594f1071e26df37a48ce095390bd Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Tue, 14 Nov 2023 14:18:42 -0700
Subject: [PATCH] Mention the disable new DMA devices policy

Signed-off-by: Tommy <contact@tommytran.io>
---
 .../Windows Components/Bitlocker Drive Encryption.md          | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Group Policies/Computer Configuration/Windows Components/Bitlocker Drive Encryption.md b/Group Policies/Computer Configuration/Windows Components/Bitlocker Drive Encryption.md
index bc4aeb3..4b70d3b 100644
--- a/Group Policies/Computer Configuration/Windows Components/Bitlocker Drive Encryption.md	
+++ b/Group Policies/Computer Configuration/Windows Components/Bitlocker Drive Encryption.md	
@@ -4,7 +4,9 @@
 
 Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) -> Enable -> XTS-AES 256-bit for operating system, fixed data, and removable drives.
 
+**The disable new DMA devices when computer is locked should only be enabled if your computer does not support kernel DMA protection.**
+
 ## Operating System Drives
 
 - Require additional authentication at startup -> Enabled -> Do not allow TPM, Allow startup PIN with TPM, Do not allow startup key with TPM, Allow startup key and PIN with TPM. (**This is especially important as we do not want the TPM to automatically release the encryption key at boot.**)
-- Allow enhanced PINs for startup -> Enabled.
+- Allow enhanced PINs for startup -> Enabled.
\ No newline at end of file