Is Windows-365 HIPAA compliant?

New Contributor

Are either the "Business" and/or "Enterprise" versions of Windows-365 HIPAA compliant? Wouldn't it be true that, if BitLocker *could* be enabled within a Windows-365 virtual desktop (even on a Windows-365 "Business" plan), that would go a long way towards HIPAA compliance? Assuming so, then is it possible to enable BitLocker within a Windows-365 virtual desktop?

 

From what I can tell, it might be possible to enable BitLocker within a Windows-365 virtual desktop via either of these options:

1) "Trusted Launch for Azure virtual machines," which supplies the vTPM for BitLocker purposes (although I am not sure if the "Trusted Launch" feature is compatible with a Windows-365 "Business" plan based virtual desktop, or only an "Enterpise" one?) > https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch   Or.....

2) Use the Local Group Policy Editor within a Windows-365 virtual desktop to disable the "“Require additional authentication at startup” option for BitLocker. > https://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/   But with this second option, I am unsure if we get access to (or not) the required pre-boot password screen of BitLocker, on a Windows-365 virtual desktop?  Probably not via an RDP connection, but maybe for the "browser streaming" type Windows-365 connection?

 

I am asking on behalf of a small (single doctor based) medical clinic, and so they a definitely a "Small Business," and not an "Enterprise."  However, it seems like if you need HIPAA compliance these days, you are instantly an "Enterprise," regardless of your business entity's actual size.

 

Thanks in advance for any assistance here!

 

2 Replies

@brianchris 

 

We were looking to enable Bitlocker on Windows 365 and came across your post.  Per this link Windows 365 is in the HIPAA/HITECH list - https://docs.microsoft.com/en-us/compliance/regulatory/offering-hipaa-hitech

 

I assume since the underlying disks as well as the VHD for each VM are encrypted.

 

@Arnaz 

same problem in our ebvironment, can't enable bitlocker and also secureboot is shown as off

It was mentioned during Ignite sessions that W365 has fully trustedlaunchVM capabilities so secureboot and fully virtualization based security should be possible?