Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 2 answers
  • Subscribers 12 subscribers
  • Views 4007 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Forcing Encryption on external storage devices

RyanHosiassohn

Hey Guys, 

Does anyone know if there's a way to make Sophos central encrypt external storage devices when connected to a host machine ? 

I see this could be done on the other On prem version but bot Sophos central ? 

I would think this should be a standard for DLP.

Thanks 



This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    As of now You can apply Central Device Encryption to system volumes and fixed data volumes but not devices which are treated as removable media. BitLocker can be used to encrypt such as system volumes and fixed data volumes and these encrypted clients can be managed via the central console.

    Encrypting the external storage devices is not possible with Central Device encryption. Please refer the below KBA for more details.

    FAQ on Sophos Central Device Encryption (Windows)

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Gowtham Mani

    Thanks for the info. 

    Ok, So my next question is more for the Bitlocker side of things.

    Because Sophos encryption uses Bitlocker. this gives an option for the use of Bitlocker to Go on removable media. 

    If I enable bitlocker to go on a removable drive and have the Key saved on the local AD, Would this correctly save these keys to the user profile and once saved would it decrypt the drive once the user has logged into the PC, So in essence would the encrypted removable device de-crypt using the key stored on the AD after the user has been authenticated ? 

  • 0 in reply to RyanHosiassohn

    Hi  

    Unfortunately, when you use BitLocker to go to encrypt the removable drives and the save the keys in the local AD, it is not saved with the user profile in Sophos central. Thus the BitLocker to go keys or the removable volumes will not be managed by Central Device Encryption.

    You can vote the existing feature request to Alerting and Bitlocker to Go

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

Reply Children
Unfiltered HTML