Hello Peoples,
Why am I getting an event alert "A BitLocker recovery key has been revoked from: BKLAMME-8152Y0C" in the Sophos Cental console whenever I just read the Bitlocker recovery key?
This thread was automatically locked due to age.
Hello Peoples,
Why am I getting an event alert "A BitLocker recovery key has been revoked from: BKLAMME-8152Y0C" in the Sophos Cental console whenever I just read the Bitlocker recovery key?
Hello Yashpal,
Per our documentation:
Recovery key revoked:
A recovery key has been viewed in Sophos Central, so it has been revoked and will be replaced.
Click here for a list of the alerts from Device Encryption.
Here's a general FAQ regarding Device Encryption for Windows:
FAQ on Sophos Central Device Encryption (Windows)
If you require further assistance, could you please provide more information regarding the actions that took place, as well as the Sophos product involved and the environment ?
Regards,
Barb@Sophos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Hello Yashpal,
Per our documentation:
Recovery key revoked:
A recovery key has been viewed in Sophos Central, so it has been revoked and will be replaced.
Click here for a list of the alerts from Device Encryption.
Here's a general FAQ regarding Device Encryption for Windows:
FAQ on Sophos Central Device Encryption (Windows)
If you require further assistance, could you please provide more information regarding the actions that took place, as well as the Sophos product involved and the environment ?
Regards,
Barb@Sophos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Hi Barb,
Thanks for the response!
So, if I want to check if the recovery key is received or not and click on "Retrieve Recovery Key" in the console, the key gets revoked? When will the console receive a new key?
Hello Yashpal,
Per the FAQ KB:
How often does the device synchronize with the backend?
Approximately every 30 seconds.
So next time you view the key, this process will restart (you will see the key, it will get revoked and a new one will be created).
Please let me know if you have additional questions, or if this answers your query.
Regards,
Barb@Sophos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Hello Barb,
What if i can see the recovery Key when i click Retrieve recovery key but not getting any alert that it is revoked.
Because, user can use the recovery Key but when user change the password (referring to MAC), he cannot login with new password but can login with the same recovery Key.
What should be done in this case ?
Agent on the client end is latest and receiving all the latest scan and updated events.
Regards,
Balarama Kishore Yerra
Hi balaramyerra,
For Mac, please have a look at this entry, and let me know if it helps:
Recover Mac endpoints
Here's the Mac Encryption FAQ for more info:
Sophos Central Device Encryption: Mac FAQ
If you need further assistance please provide more information regarding the issue, the MacOS version, and the Sophos version installed.
Thanks!
Barb@Sophos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Hi Barb,
Answer to my query is not listed there.
Mac OS Version 10.14
Sophos Agent Version 9.9.2
Regards,
Balarama Kishore Yerra
Hi balaramyerra,
Regarding Mac encryption please review this this Apple article:
https://support.apple.com/en-in/HT204837
Regarding Sophos Central recovery key, please see below and let us know which steps you are following, and where are you getting stuck, so that we can better assist you.
Here's how to recover the key and change a password:
Retrieve recovery key (Mac)
Note that:
On endpoints running macOS 10.12 or earlier, a new recovery key is created and stored in Sophos Central. A recovery key can only be used once. If you need to recover a computer again later, you need to retrieve a new recoverykey.
On endpoints running macOS 10.13 and Apple File System (APFS), no new recovery key is created. The existing recovery key remains valid.
Thanks!
Barb@Sophos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Hi Barb,
"On endpoints running macOS 10.13 and Apple File System (APFS), no new recovery key is created. The existing recovery key remains valid."
As per this statement, will Sophos create an event in console that its been revoked once we check recovery key from console end ?
Regards,
Balarama Kishore Yerra
Hello balaramyerra
Sophos will not create an event in the console for MAC machines as a revoke mechanism is only for the Windows Operating system which uses Bitlocker as their native encryption.
Regards,
Jasmin
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link