Safeguard bitlocker encryption

A computer already encrypted by other product encryption..how do I manage it through sophos.is it possible?

  • Any update on this??

  • In reply to SUBHASRI D:

    Hi  

    If you have installed any of the other product then Sophos Central Device Encryption or Sophos Safeguard on your machines, Sophos will not be able to manage it.

    Sophos manages Bitlocker (for windows OS) and FileVault (for Mac OS) which are native encryption technologies provided by Microsoft and Apple respectively.

  • In reply to Jasmin:

    Hi Jasmin,

    Thanks for the reply.And 1 more query can we encrypt a target machine without bit locker?

    and Feature Difference between Standalone Bitlocker Encryption & Sophos + Bitlocker Encryption?

    Can you explain in brief

    Regards,

    Subhasri

  • In reply to SUBHASRI D:

    Hi  

    There are two products from Sophos available for encryption. Sophos Central device Encryption (CDE) and Sophos Safeguard Encryption (Safeguard).

    CDE has the only volume-based encryption (or Full Disk Encryption). It is just a module which manages the Bitlocker and FileVault and keeps the recovery key of the volumes which are encrypted on the machines. 

    Safeguard provides Volume-based encryption and File encryption. Till Safeguard version 8.10, we had support to the Windows 7 systems where Bitlocker is not provided by Microsoft as native encryption. On those machines, we have our Encryption method to encrypt the drives but Windows 10 onwards BitLocker is default native encryption method provided by Microsoft, so Safeguard just manages it. From Safeguard version 8.20, you can only have Windows 10 support for this version.

    File Encryption is continued in the version 8.20 which provides encryption for cloud-based files, local files, network mapped folders. File encryption doesn't use Bitlocker. It is done through the safeguard encryption method.

    If you want to use simple BitLocker and volume-based encryption, you can go for Sophos central device encryption. If you want to have volume-based and file encryption both implemented in your organization, you can go for Safeguard Encryption which provides Bitlcoker and Sophos Encryption functionality for respective Encryption type.

    For more information on Sophos Central Device Encryption, please refer to this article.

    For more information on Sophos Safeguard, please refer to this article.

  • In reply to Jasmin:

    Hey hi,

    Thanks for the clarification.

    How do you encrypt a drive in a machine without bitlocker? with safeguard.is it possible

    And Tamper pratection is the only Way to recover a password in endpoint ?

     

    Regards,

    Subhasri

  • In reply to SUBHASRI D:

    Hi  

    It is possible to encrypt the drive with Safeguard till Safeguard version 8.10 for Windows 7 except Windows 7 enterprise and ultimate edition where Bitlocker is provided feature by Microsoft.

    Could you please elaborate more about your question for endpoint?

  • In reply to Jasmin:

    okay...C if we have a user machine protected by sophos endpoint,the user has forgotten the password or he has left the organisation,in this case how will i recover the endpoint password??

     

    And if a machine doesnt have bitlocker in it then how do i encrypt?

  • In reply to SUBHASRI D:

    Hi  

    Tamper protection is only for the limited administration for Sophos Endpoint client not for the windows operating system.

    If your user set the password on windows credential provider to enter into the OS, tamper protection can't do anything there. To turn off tamper protection password for the client, you can follow this article.

    If the Machine without BitLocker is windows 7, it can be encrypted with Safeguard 8.10 version which has safeguard encryption for those machines.

  • In reply to Jasmin:

    Hi,

    Thanks for the clarification.Okay if a machine is encrypted with safeguard bitlocker and the password is lost how can i recover it??

    is it Through the recovery key in management center?

     

    Regards,

    Subhasri

  • In reply to SUBHASRI D:

    Hi  

    Yes, you can have a recovery key through the Sophos management centre.

    Please refer to this document which has covered all the types of recovery scenarios.

  • In reply to Jasmin:

    Hi,

    Can you explain about Integrating with Active Directory for SSO.

    If I am going to mange from management server for encryption in safeguard

     

    Regards,

    Subhasri

  • In reply to SUBHASRI D:

    Hi  

    For the information regarding the Active Directory synchronization with Safeguard management center, please refer to this article. You can also refer anything regarding the Safeguard Enterprise in this article.

  • In reply to Jasmin:

    Is Single sign on possible in safeguard?

    If so how can i configure it.

     

    Regards,

    Subhasri 

  • In reply to SUBHASRI D:

    Hi  

    Safeguard Enterprise doesn't have conventional SSO sign in as it is an enterprise-level tool which can not be accessible to everyone in the organization. Safeguard Management Centre is only accessible to the user which is only under the Security Officer tab.

    If you have synchronized your Active Directory to Safeguard management centre, you can promote your AD user as Security Officer to provide access to the Safeguard Management Center. Please refer to this article to know the steps.

  • In reply to Jasmin:

    Hi,

    How do i get detailed logs and reports from Safeguard management center?

     

     

    Regards,

    Subhasri