We’re delighted to announce the launch of Central Device Encryption 2.0 for Windows. Among the great new functionality is secure document sharing – enabling users to encrypt Outlook attachments and files before sharing them with internal or external colleagues. Admin enhancements include the ability to prompt for a BitLocker password reset, along with greater visibility into device encryption types. Read on for more details!
Please note, these features are Windows only.
With a few clicks, users can create a password-protected file. Encrypted files can only be opened by a recipient with the correct password, they simply need a web browser and valid password to access the documents. Furthermore, a new Outlook add-in enables users to encrypt email attachments before sharing them with internal or external colleagues, safe in the knowledge they remain secure.
Prompt users to change BitLocker passwords on a regular basis. Admins select the desired reset frequency and receive alerts for users who choose to repeatedly postpone the password change. An immediate password reset prompt can also be sent to specific devices.
Sophos Central now provides details of encryption type, either software-based or hardware-based, along with the algorithm used. For example, admins can see that a device’s hard drive has been encrypted using software-based AES 256-bit encryption.
Sophos Central Device Encryption will now apply software-based encryption by default, even if devices support hardware-based encryption. Note that existing devices, already encrypted with hardware based encryption, will not be affected.
Could we get the option to right click and encrypt folders just like the file context menu password encrypt??
I presume the process/algorithm for attachment encryption is Bitlocker/XTS-AES 256?
What process/algorithm is used to encrypt/password protect email attachments? Is it Bitlocker, and therefore XTS-AES 256?
Hi Philippe. You make a good point, we'll take this into account as we plan future versions.
I like the new reporting, that we now can see what methods are used for encryption. Will you also add the ability to force these settings? Right now we still need to set these through GPO. It would be easier to not have to change Bitlocker settings in two places (Central and GPO)