What’s new in Central Device Encryption (CDE) 2.0?

We’re delighted to announce the launch of Central Device Encryption 2.0 for Windows. Among the great new functionality is secure document sharing – enabling users to encrypt Outlook attachments and files before sharing them with internal or external colleagues. Admin enhancements include the ability to prompt for a BitLocker password reset, along with greater visibility into device encryption types. Read on for more details!

Please note, these features are Windows only.

Secure document sharing

With a few clicks, users can create a password-protected file. Encrypted files can only be opened by a recipient with the correct password, they simply need a web browser and valid password to access the documents. Furthermore, a new Outlook add-in enables users to encrypt email attachments before sharing them with internal or external colleagues, safe in the knowledge they remain secure.


Trigger BitLocker password reset

Prompt users to change BitLocker passwords on a regular basis. Admins select the desired reset frequency and receive alerts for users who choose to repeatedly postpone the password change. An immediate password reset prompt can also be sent to specific devices.

Enhanced reporting

Sophos Central now provides details of encryption type, either software-based or hardware-based, along with the algorithm used. For example, admins can see that a device’s hard drive has been encrypted using software-based AES 256-bit encryption.

Software-based encryption

Sophos Central Device Encryption will now apply software-based encryption by default, even if devices support hardware-based encryption. Note that existing devices, already encrypted with hardware based encryption, will not be affected.

  • Rollout timeline? All new installs?

  • Hello Joe. The admin policy settings and updated Windows client are both now available. New installs will use version 2.0 and existing devices will upgrade to this version.

  • Regarding the Password Protection feature ive been wanting something like this for some time now, its a lot easier having it built into my security soft rather than having to use 3rd party tools.

    Could we get the ability to password protect folders aswell as files??  It would be easier still if i could password protect a folder rather than having to set on individual files which is very time consuming if your trying to password protect a batch of files.  But nice to see this module getting some attention.

  • Thanks John, grateful for the feedback. Encrypting folders is a request we've had from a few others, so it's something we'll consider as part of future planning.

  • I like the new reporting, that we now can see what methods are used for encryption. Will you also add the ability to force these settings? Right now we still need to set these through GPO. It would be easier to not have to change Bitlocker settings in two places (Central and GPO)

  • Hi Philippe. You make a good point, we'll take this into account as we plan future versions.

  • What process/algorithm is used to encrypt/password protect email attachments? Is it Bitlocker, and therefore XTS-AES 256?

  • I presume the process/algorithm for attachment encryption is Bitlocker/XTS-AES 256?

  • Could we get the option to right click and encrypt folders just like the file context menu password encrypt??