You can prevent access to encrypted data by either temporarily or permanently decommissioning a device. Temporarily decommissioning a device removes all Pre-Boot Authentication (PBA) user accounts from the device; the device can be recovered through a PBA override or through the use of an emergency recovery disk. Permanently decommissioning a device erases all data on the encrypted devices; the erased data is unrecoverable.