This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Safeguard bitlocker encryption

A computer already encrypted by other product encryption..how do I manage it through sophos.is it possible?



This thread was automatically locked due to age.
Parents Reply
  • Hi  

    Safeguard Enterprise doesn't have conventional SSO sign in as it is an enterprise-level tool which can not be accessible to everyone in the organization. Safeguard Management Centre is only accessible to the user which is only under the Security Officer tab.

    If you have synchronized your Active Directory to Safeguard management centre, you can promote your AD user as Security Officer to provide access to the Safeguard Management Center. Please refer to this article to know the steps.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

Children
  • Hi,

    How do i get detailed logs and reports from Safeguard management center?

     

     

    Regards,

    Subhasri

  • Hi  

    Please refer to this article which provides SQL queries for a few of the reports which are not available as reports in the Safeguard management center. Apart from that, you can refer to this article which explains about reports. You can navigate on the document through the panel in the left hand side.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • You can also easily produce inventory logs from the server, which will show client drive state (encrypted/not) and also encryption type, device last seen etc. No SQL queries are needed for this - it's built into the console.

  • Hi,

    Can you guide me through ,where can i find it in the console.

    There is a tab for reports,but i need the logs of the users who are manged by safeguard management center.

     

     

     

    Regards,

    Subhasri

  • This "basic" report doesn't contain users, but instead the devices. Click on the root of your domain (on the left) Select Inventory on the tabs on right. Click the magnifying glass (without entering a PC/hostname) This will list ALL devices that have reported into SafeGuard. Select one device (anyone - doesn't matter). File - Print Preview - "Calculating print area might take several mins" - Click OK" - When window opens - File - Export Document. Find format you need and save it to view later.

    What data are you looking for with your users? The users of the console or users of the devices that have SafeGuard installed?

     

  • Hi  

     has already suggested the simple way to export the inventory of the Safeguard Management Center. Safeguard manages computers, not the users, so you'll find the computers in the inventory, not the users.

    I am assuming that you want a report for the users who are assigned against the computers in the Safeguard. Please use the below SQL query which will help you to fetch users assigned to the computers:

    -----------------------------

    use SafeGuard

    SELECT USR_ID, USR_LOGON_NAME, USR_FIRST_NAME, USR_LAST_NAME, USR_EMAIL, machines.*

    FROM
    (SELECT SGD_NAME,SGD_ID,UMA_USER_ID,SGD_DSN,SGD_SCHEMA_CLASS_NAME
    FROM Safe_Guard_DIR INNER JOIN
    USR_MACHINE_ASSIGN ON Safe_Guard_DIR.SGD_ID = USR_MACHINE_ASSIGN.UMA_MACHINE_ID) AS MACHINES INNER JOIN USERS ON USERS.USR_ID = MACHINES.UMA_USER_ID

    -----------------------------

    This query is mentioned in the KB article I provided to you above. Please refer to this KB once, so you'll aware about numbers of reports can be generated through the query.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hi,

    How to work with power on authentication in safeguard??And can only username & password can be the only way to boot the machine.

    And one more query windows credential and safeguard credential i need as only one sign in.Is it possible??

     

    Regards,

    Subhasri

  • POA is dependant on OS - It's no longer available in Win10. What OS are you referring to?

     

    I'm afraid the second credential provider (Windows AND SafeGuard) will be visible. It is possible to hide the Windows one but I know this can have a strange impact on the system, and it's critical you appreciate what changes/impacts there are. I went down to route of educating users on "please use the Sophos Cog to log in from now on" approach.

    You must also plan that if you should remove SafeGuard at any point (or you're unable to log in with SafeGuard owing to an error) you'll not be able to log into the machine.

    https://community.sophos.com/kb/en-us/114190

  • If this not going to work on win 10 then how do I protect the drive in my machine?

    What is the use of safeguard in power on authentication??

     

  • Windows 10 (and some versions of Win7/8) use BitLocker and it's this that is managed by Sophos SafeGuard. Previously in earlier OS Sophos did their own disk encryption and POA worked with that.

    So SafeGuard will help you manage BitLocker and store the recovery keys within the console/SQL. The users will see the "standard" BitLocker screen when they power on their devices. They'll enter a PIN (if set by SafeGuard policy) or password (Windows 10 supports passwords for those devices without TPM) and/or TPM can be used. It's also possible to use a USB Startup key too - but my personal opinion is best to stick with TPM/PIN combination if supported.

     

    Hope this helps and clarifies a little?