From 9fe5cfb684fa3e75a51d47369d82abe17ddfe08b Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Sun, 5 Nov 2023 04:52:45 -0700
Subject: [PATCH] Update

Signed-off-by: Tommy <contact@tommytran.io>
---
 Windows Security.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/Windows Security.md b/Windows Security.md
index 36740e6..892283c 100644
--- a/Windows Security.md	
+++ b/Windows Security.md	
@@ -56,3 +56,15 @@ Probably same as SmartScreen for Microsoft Edge. Might not be as egregious thoug
 ### Exploit protection
 
 Turn Force randomization for images (Mandatory ALSR) to "On by default".
+
+# Device Security
+
+## Security Processor & Secure Boot
+
+If theres aren't on, check the firmware settings. On Parallels, both should pass by default.
+
+## Data encryption
+
+Poor man's Bitlocker. Unless you are using Home edition, turn this off and use Bitlocker proper.
+
+If you sign in with a Microsoft account, "Data Encryption" will submit the key protector to Microsoft (which means that Microsoft can decrypt your device should they get physical access to it). Not sure what happens when you do not login with a Microsoft account, but it is worse than a proper Bitlocker setup anyways (no TPM + PIN/USB drive etc), so just disable it.
\ No newline at end of file