This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Safeguard bitlocker encryption

A computer already encrypted by other product encryption..how do I manage it through sophos.is it possible?



This thread was automatically locked due to age.
Parents Reply Children
  • Hi  

    If you have installed any of the other product then Sophos Central Device Encryption or Sophos Safeguard on your machines, Sophos will not be able to manage it.

    Sophos manages Bitlocker (for windows OS) and FileVault (for Mac OS) which are native encryption technologies provided by Microsoft and Apple respectively.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hi Jasmin,

    Thanks for the reply.And 1 more query can we encrypt a target machine without bit locker?

    and Feature Difference between Standalone Bitlocker Encryption & Sophos + Bitlocker Encryption?

    Can you explain in brief

    Regards,

    Subhasri

  • Hi  

    There are two products from Sophos available for encryption. Sophos Central device Encryption (CDE) and Sophos Safeguard Encryption (Safeguard).

    CDE has the only volume-based encryption (or Full Disk Encryption). It is just a module which manages the Bitlocker and FileVault and keeps the recovery key of the volumes which are encrypted on the machines. 

    Safeguard provides Volume-based encryption and File encryption. Till Safeguard version 8.10, we had support to the Windows 7 systems where Bitlocker is not provided by Microsoft as native encryption. On those machines, we have our Encryption method to encrypt the drives but Windows 10 onwards BitLocker is default native encryption method provided by Microsoft, so Safeguard just manages it. From Safeguard version 8.20, you can only have Windows 10 support for this version.

    File Encryption is continued in the version 8.20 which provides encryption for cloud-based files, local files, network mapped folders. File encryption doesn't use Bitlocker. It is done through the safeguard encryption method.

    If you want to use simple BitLocker and volume-based encryption, you can go for Sophos central device encryption. If you want to have volume-based and file encryption both implemented in your organization, you can go for Safeguard Encryption which provides Bitlcoker and Sophos Encryption functionality for respective Encryption type.

    For more information on Sophos Central Device Encryption, please refer to this article.

    For more information on Sophos Safeguard, please refer to this article.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hey hi,

    Thanks for the clarification.

    How do you encrypt a drive in a machine without bitlocker? with safeguard.is it possible

    And Tamper pratection is the only Way to recover a password in endpoint ?

     

    Regards,

    Subhasri

  • Hi  

    It is possible to encrypt the drive with Safeguard till Safeguard version 8.10 for Windows 7 except Windows 7 enterprise and ultimate edition where Bitlocker is provided feature by Microsoft.

    Could you please elaborate more about your question for endpoint?

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • okay...C if we have a user machine protected by sophos endpoint,the user has forgotten the password or he has left the organisation,in this case how will i recover the endpoint password??

     

    And if a machine doesnt have bitlocker in it then how do i encrypt?

  • Hi  

    Tamper protection is only for the limited administration for Sophos Endpoint client not for the windows operating system.

    If your user set the password on windows credential provider to enter into the OS, tamper protection can't do anything there. To turn off tamper protection password for the client, you can follow this article.

    If the Machine without BitLocker is windows 7, it can be encrypted with Safeguard 8.10 version which has safeguard encryption for those machines.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hi,

    Thanks for the clarification.Okay if a machine is encrypted with safeguard bitlocker and the password is lost how can i recover it??

    is it Through the recovery key in management center?

     

    Regards,

    Subhasri

  • Hi  

    Yes, you can have a recovery key through the Sophos management centre.

    Please refer to this document which has covered all the types of recovery scenarios.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hi,

    Can you explain about Integrating with Active Directory for SSO.

    If I am going to mange from management server for encryption in safeguard

     

    Regards,

    Subhasri