Safeguard bitlocker encryption

Any update on this??

Hi SUBHASRI D 

If you have installed any of the other product then Sophos Central Device Encryption or Sophos Safeguard on your machines, Sophos will not be able to manage it.

Sophos manages Bitlocker (for windows OS) and FileVault (for Mac OS) which are native encryption technologies provided by Microsoft and Apple respectively.

Hi SUBHASRI D 

Safeguard Enterprise doesn't have conventional SSO sign in as it is an enterprise-level tool which can not be accessible to everyone in the organization. Safeguard Management Centre is only accessible to the user which is only under the Security Officer tab.

If you have synchronized your Active Directory to Safeguard management centre, you can promote your AD user as Security Officer to provide access to the Safeguard Management Center. Please refer to this article to know the steps.

Hi,

How do i get detailed logs and reports from Safeguard management center?

Regards,

Subhasri

Hi SUBHASRI D 

Please refer to this article which provides SQL queries for a few of the reports which are not available as reports in the Safeguard management center. Apart from that, you can refer to this article which explains about reports. You can navigate on the document through the panel in the left hand side.

You can also easily produce inventory logs from the server, which will show client drive state (encrypted/not) and also encryption type, device last seen etc. No SQL queries are needed for this - it's built into the console.

Hi,

Can you guide me through ,where can i find it in the console.

There is a tab for reports,but i need the logs of the users who are manged by safeguard management center.

Regards,

Subhasri

This "basic" report doesn't contain users, but instead the devices. Click on the root of your domain (on the left) Select Inventory on the tabs on right. Click the magnifying glass (without entering a PC/hostname) This will list ALL devices that have reported into SafeGuard. Select one device (anyone - doesn't matter). File - Print Preview - "Calculating print area might take several mins" - Click OK" - When window opens - File - Export Document. Find format you need and save it to view later.

What data are you looking for with your users? The users of the console or users of the devices that have SafeGuard installed?

Hi SUBHASRI D 

MichaelMcLannahan has already suggested the simple way to export the inventory of the Safeguard Management Center. Safeguard manages computers, not the users, so you'll find the computers in the inventory, not the users.

I am assuming that you want a report for the users who are assigned against the computers in the Safeguard. Please use the below SQL query which will help you to fetch users assigned to the computers:

-----------------------------

use SafeGuard

SELECT USR_ID, USR_LOGON_NAME, USR_FIRST_NAME, USR_LAST_NAME, USR_EMAIL, machines.*

FROM
(SELECT SGD_NAME,SGD_ID,UMA_USER_ID,SGD_DSN,SGD_SCHEMA_CLASS_NAME
FROM Safe_Guard_DIR INNER JOIN
USR_MACHINE_ASSIGN ON Safe_Guard_DIR.SGD_ID = USR_MACHINE_ASSIGN.UMA_MACHINE_ID) AS MACHINES INNER JOIN USERS ON USERS.USR_ID = MACHINES.UMA_USER_ID

-----------------------------

This query is mentioned in the KB article I provided to you above. Please refer to this KB once, so you'll aware about numbers of reports can be generated through the query.

Hi,

How to work with power on authentication in safeguard??And can only username & password can be the only way to boot the machine.

And one more query windows credential and safeguard credential i need as only one sign in.Is it possible??

Regards,

Subhasri

POA is dependant on OS - It's no longer available in Win10. What OS are you referring to?

I'm afraid the second credential provider (Windows AND SafeGuard) will be visible. It is possible to hide the Windows one but I know this can have a strange impact on the system, and it's critical you appreciate what changes/impacts there are. I went down to route of educating users on "please use the Sophos Cog to log in from now on" approach.

You must also plan that if you should remove SafeGuard at any point (or you're unable to log in with SafeGuard owing to an error) you'll not be able to log into the machine.

https://community.sophos.com/kb/en-us/114190

If this not going to work on win 10 then how do I protect the drive in my machine?

What is the use of safeguard in power on authentication??

If this not going to work on win 10 then how do I protect the drive in my machine?

What is the use of safeguard in power on authentication??

Windows 10 (and some versions of Win7/8) use BitLocker and it's this that is managed by Sophos SafeGuard. Previously in earlier OS Sophos did their own disk encryption and POA worked with that.

So SafeGuard will help you manage BitLocker and store the recovery keys within the console/SQL. The users will see the "standard" BitLocker screen when they power on their devices. They'll enter a PIN (if set by SafeGuard policy) or password (Windows 10 supports passwords for those devices without TPM) and/or TPM can be used. It's also possible to use a USB Startup key too - but my personal opinion is best to stick with TPM/PIN combination if supported.

Hope this helps and clarifies a little?

Hi SUBHASRI D 

Please find the document for authentication policy which will help you to understand the options explained by Michael. POA only comes with Safeguard encryption but it is not needed after the arrival of Windows 10 as Microsoft has already provided the native encryption technology "Bitlocker". Now Safeguard only manages the Bitlocker for the drive encryption and so that if you want to put POA for those users, you can use options mentioned under "BitLocker Logon Mode for Boot Volumes". 

Hi,

let me be clear in what I actually need.

1. We want to implement Username & Password Authentication at "Pre-Boot Authentication" instead of BitLocker Password only , is this possible to achieve with Sophos Safeguard + BitLocker
2. Single Sign On (PreBoot + Windows Logon Authentication Synchronisation), is this possible to achieve with Sophos Safeguard + BitLocker 

We are using Microsoft Windows 8, 10.

Hi SUBHASRI D 

Please refer the below answers for your queries:

1. It is not possible to implement Username & Password Authentication instead of Bitlocker Password with any kind of Encryption software as in preboot authentication, the machine never has access to network service and hence user can't be authenticated against the AD.

2. If you have installed Safeguard Encryption on the client, you need to login to the Safeguard cred provider instead of Windows Cred provider as it syncs automatically clients to safeguard server on fix interval and generates user certificates. Safeguard Cred provider is not different, username and password for that will be the same as Windows username and password.

Hi,

where can I update the trial license?

and where can i view the technical case details

regards,

Subhasri

Hi SUBHASRI D 

Would you please suggest that you want to import the trial license to the Safeguard Enterprise console or do you want to renew the license which you have currently?

Please suggest which particular case details do you want to see?