Scheduled maintenance on Saturday, August 8th from 7am to 10am (UTC). Licensing registrations and key activations will be unavailable during this period. More info here.

Enforcing Encription policy

Hallo I would like to force a client to use PIN as startup authentification.

So I created computer base policy "require startup authentification" and aplied it on a computer. At this moment everytime the computer starts to Windows there is a popup telling me that "From now you will need to enter a Bitlocker PIN every time you start the computer" ... OK it is what I came for I guess.

But stop it right there. The whole thing doesnt work quite as I would expect. The pop up windows teling me that I will need to enter PIN closes automaticaly even in case I put nothing. The popup windows can be closed by x in the corner. So the user is not force to use PIN. In computers console I can not see thet the computer doesnt meet requirements and I ned to set up something. In central console I see the computer OK as well.

Is there a way to force user to use PIN. And is there a way to see that the requirements set by policy in central are not met?

Thank you much. Pavel


  • Hi  

    It is not possible to force any user to enter the PIN in the wizard because it is designed in such a manner. 

    You can see which users have not yet enabled encryption. Look in the Reports section in the Sophos Central Admin console.

  • In reply to Jasmin:

    OK but can I see the he didnt enabled or disabled PIN? Pavel

  • In reply to Pavel Vanek:


    Encryption on the drive can only be started if they have entered the PIN. But we can't directly see in reports if they have enabled or disabled the PIN.

    There will be notification generated in Central console if they will postpone the entering PIN into the pop-up.