The article on the link below is not clear if that product can handle/protect Windows Servers. Can anyone confirm? We have an environment with Windows Server 2008 R2 and also Windows Server 2012 R2.
If not, how to protect a Windows server which may be physically stolen?
Thank you for contacting the Sophos Community.
Central Device Encryption does not support servers, only Windows Endpoints.
You could manage it via BitLocker, but Central will not manage these settings.
Can I use BitLocker on Windows servers and also use Sophos Central Device Encryption to manage workstations for this same environment?
It’s possible to use BitLocker drive encryption policies from Active Directory in order to trigger encryption of these server OSes. The management of Recovery Keys will be done by your AD environment if done this way.
https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/deploy-management-agent
Configure BitLocker Management Services: When you turn on this setting, Configuration Manager automatically and silently backs up key recovery information in the site database. If you turn off or don't configure this setting, Configuration Manager doesn't save key recovery information.
Sophos CDE for management of keys won’t be possible on the Server OSes. CDE is only able to record workstation recovery keys.
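
Because the server recovery keys end up in AD rather than in Sophos Central, a per-server check of encryption state and key escrow is useful. The script below is an added example, not part of the thread and not Sophos or Microsoft code. It assumes an elevated session on a domain-joined server with the BitLocker feature and its PowerShell module installed (Server 2012 and later; on Server 2008 R2 `manage-bde -status` gives the same status information) and a Group Policy that permits recovery information to be stored in AD DS. The `-Escrow` switch is a name chosen for this example.

```powershell
# Added example: report BitLocker state for every volume on this server and,
# with -Escrow, back up each recovery password protector to AD DS.
param([switch]$Escrow)   # hypothetical switch name, chosen for this example

Import-Module BitLocker -ErrorAction Stop

$report = foreach ($vol in Get-BitLockerVolume) {
    # Only recovery-password protectors can be escrowed to AD DS.
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    $escrowed = $null    # stays $null when no escrow was attempted
    if ($Escrow -and $recovery.Count -gt 0) {
        $escrowed = $true
        foreach ($kp in $recovery) {
            try {
                # Fails if Group Policy does not allow storing recovery info in AD DS.
                Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                    -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop | Out-Null
            } catch {
                $escrowed = $false
                Write-Warning "Escrow failed for $($vol.MountPoint): $($_.Exception.Message)"
            }
        }
    }

    [pscustomobject]@{
        Server            = $env:COMPUTERNAME
        MountPoint        = $vol.MountPoint
        VolumeType        = $vol.VolumeType
        VolumeStatus      = $vol.VolumeStatus
        ProtectionStatus  = $vol.ProtectionStatus
        EncryptionPercent = $vol.EncryptionPercentage
        RecoveryPasswords = $recovery.Count
        EscrowedThisRun   = $escrowed
    }
}

$report | Format-Table -AutoSize

# A volume is a gap if protection is off or it has no recovery password to escrow.
$gaps = @($report | Where-Object {
    $_.ProtectionStatus -ne 'On' -or $_.RecoveryPasswords -eq 0
})
if ($gaps.Count -gt 0) {
    Write-Warning "$($gaps.Count) volume(s) unprotected or without a recovery password."
    exit 1
}
```

The non-zero exit code lets a scheduled task or monitoring agent flag servers that are not yet protected.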