A computer already encrypted by other product encryption..how do I manage it through sophos.is it possible?
This thread was automatically locked due to age.
A computer already encrypted by other product encryption..how do I manage it through sophos.is it possible?
Hi SUBHASRI D
If you have installed any of the other product then Sophos Central Device Encryption or Sophos Safeguard on your machines, Sophos will not be able to manage it.
Sophos manages Bitlocker (for windows OS) and FileVault (for Mac OS) which are native encryption technologies provided by Microsoft and Apple respectively.
Regards,
Jasmin
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Hi Jasmin,
Thanks for the reply.And 1 more query can we encrypt a target machine without bit locker?
and Feature Difference between Standalone Bitlocker Encryption & Sophos + Bitlocker Encryption?
Can you explain in brief
Regards,
Subhasri
Hi SUBHASRI D
There are two products from Sophos available for encryption. Sophos Central device Encryption (CDE) and Sophos Safeguard Encryption (Safeguard).
CDE has the only volume-based encryption (or Full Disk Encryption). It is just a module which manages the Bitlocker and FileVault and keeps the recovery key of the volumes which are encrypted on the machines.
Safeguard provides Volume-based encryption and File encryption. Till Safeguard version 8.10, we had support to the Windows 7 systems where Bitlocker is not provided by Microsoft as native encryption. On those machines, we have our Encryption method to encrypt the drives but Windows 10 onwards BitLocker is default native encryption method provided by Microsoft, so Safeguard just manages it. From Safeguard version 8.20, you can only have Windows 10 support for this version.
File Encryption is continued in the version 8.20 which provides encryption for cloud-based files, local files, network mapped folders. File encryption doesn't use Bitlocker. It is done through the safeguard encryption method.
If you want to use simple BitLocker and volume-based encryption, you can go for Sophos central device encryption. If you want to have volume-based and file encryption both implemented in your organization, you can go for Safeguard Encryption which provides Bitlcoker and Sophos Encryption functionality for respective Encryption type.
For more information on Sophos Central Device Encryption, please refer to this article.
For more information on Sophos Safeguard, please refer to this article.
Regards,
Jasmin
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Hi SUBHASRI D
It is possible to encrypt the drive with Safeguard till Safeguard version 8.10 for Windows 7 except Windows 7 enterprise and ultimate edition where Bitlocker is provided feature by Microsoft.
Could you please elaborate more about your question for endpoint?
Regards,
Jasmin
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
okay...C if we have a user machine protected by sophos endpoint,the user has forgotten the password or he has left the organisation,in this case how will i recover the endpoint password??
And if a machine doesnt have bitlocker in it then how do i encrypt?
Hi SUBHASRI D
Tamper protection is only for the limited administration for Sophos Endpoint client not for the windows operating system.
If your user set the password on windows credential provider to enter into the OS, tamper protection can't do anything there. To turn off tamper protection password for the client, you can follow this article.
If the Machine without BitLocker is windows 7, it can be encrypted with Safeguard 8.10 version which has safeguard encryption for those machines.
Regards,
Jasmin
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Hi SUBHASRI D
Yes, you can have a recovery key through the Sophos management centre.
Please refer to this document which has covered all the types of recovery scenarios.
Regards,
Jasmin
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Hi SUBHASRI D
For the information regarding the Active Directory synchronization with Safeguard management center, please refer to this article. You can also refer anything regarding the Safeguard Enterprise in this article.
Regards,
Jasmin
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Hi SUBHASRI D
For the information regarding the Active Directory synchronization with Safeguard management center, please refer to this article. You can also refer anything regarding the Safeguard Enterprise in this article.
Regards,
Jasmin
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Hi SUBHASRI D
Safeguard Enterprise doesn't have conventional SSO sign in as it is an enterprise-level tool which can not be accessible to everyone in the organization. Safeguard Management Centre is only accessible to the user which is only under the Security Officer tab.
If you have synchronized your Active Directory to Safeguard management centre, you can promote your AD user as Security Officer to provide access to the Safeguard Management Center. Please refer to this article to know the steps.
Regards,
Jasmin
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Hi SUBHASRI D
Please refer to this article which provides SQL queries for a few of the reports which are not available as reports in the Safeguard management center. Apart from that, you can refer to this article which explains about reports. You can navigate on the document through the panel in the left hand side.
Regards,
Jasmin
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
You can also easily produce inventory logs from the server, which will show client drive state (encrypted/not) and also encryption type, device last seen etc. No SQL queries are needed for this - it's built into the console.
Hi,
Can you guide me through ,where can i find it in the console.
There is a tab for reports,but i need the logs of the users who are manged by safeguard management center.
Regards,
Subhasri
This "basic" report doesn't contain users, but instead the devices. Click on the root of your domain (on the left) Select Inventory on the tabs on right. Click the magnifying glass (without entering a PC/hostname) This will list ALL devices that have reported into SafeGuard. Select one device (anyone - doesn't matter). File - Print Preview - "Calculating print area might take several mins" - Click OK" - When window opens - File - Export Document. Find format you need and save it to view later.
What data are you looking for with your users? The users of the console or users of the devices that have SafeGuard installed?
Hi SUBHASRI D
MichaelMcLannahan has already suggested the simple way to export the inventory of the Safeguard Management Center. Safeguard manages computers, not the users, so you'll find the computers in the inventory, not the users.
I am assuming that you want a report for the users who are assigned against the computers in the Safeguard. Please use the below SQL query which will help you to fetch users assigned to the computers:
-----------------------------
use SafeGuard
SELECT USR_ID, USR_LOGON_NAME, USR_FIRST_NAME, USR_LAST_NAME, USR_EMAIL, machines.*
FROM
(SELECT SGD_NAME,SGD_ID,UMA_USER_ID,SGD_DSN,SGD_SCHEMA_CLASS_NAME
FROM Safe_Guard_DIR INNER JOIN
USR_MACHINE_ASSIGN ON Safe_Guard_DIR.SGD_ID = USR_MACHINE_ASSIGN.UMA_MACHINE_ID) AS MACHINES INNER JOIN USERS ON USERS.USR_ID = MACHINES.UMA_USER_ID
-----------------------------
This query is mentioned in the KB article I provided to you above. Please refer to this KB once, so you'll aware about numbers of reports can be generated through the query.
Regards,
Jasmin
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Hi,
How to work with power on authentication in safeguard??And can only username & password can be the only way to boot the machine.
And one more query windows credential and safeguard credential i need as only one sign in.Is it possible??
Regards,
Subhasri
POA is dependant on OS - It's no longer available in Win10. What OS are you referring to?
I'm afraid the second credential provider (Windows AND SafeGuard) will be visible. It is possible to hide the Windows one but I know this can have a strange impact on the system, and it's critical you appreciate what changes/impacts there are. I went down to route of educating users on "please use the Sophos Cog to log in from now on" approach.
You must also plan that if you should remove SafeGuard at any point (or you're unable to log in with SafeGuard owing to an error) you'll not be able to log into the machine.