Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945

Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!

Notification: Data protection is off

In my Sophos Endpoint application I got a notification with 'Data protection is off'. Where in the Sophos Central portal do I turn it on?


  • Looks like they found and solved the issue:


  • In reply to Mathias Storm:

    Indeed, all working fine again. Yes

  • In reply to Funkey:

    My computer is back to normal also.  I still have a few machines that aren't starting the encryption service by default, but hopefully a refresh will fix that.

  • I seems there are answers to this post. Is there any updated articles I can look for? The articles seemed to have be moved. Our Sophos Central is not stating anything is wrong yet the devices state "Data protection is off" Our Device Encryption licence limit is not even close to being full either. 

  • In reply to Jacob Kiesow:

    I am testing a theory and maybe you guys can confirm.   From what we found out, the data protection is using Windows BitLocker to encrypt.  We use SCCM to turn on BitLocker and then after the set up, manually install Sophos Cloud under an account with administrative privileges.  I have a couple of machines that doesn't show any notifications of Data Protection (just Your Computer is Protected notification) so I am wondering it shows Data Protection off because BitLocker was already implemented so Sophos doesn't report it's on?

    I hope the links are updated too...

  • In reply to James Darcy:

    Basically Central Encryption is managing Bitlocker. 

    So if you "install" the Encryption part of Central Encryption via Central, the endpoint will load the Encryption Module.

    If the module is loaded on the Endpoint but no Policy for encryption is in place, the Endpoint will show "Data Protection is off". 


    Data Protection needs a Policy. If you have a own Management (by SCCM for example), you do not need the Bitlocker Management by Central. So to speak, you do not need to load the encryption module to your Endpoints.

    But you can not use any encryption feature by central. There can be only one Encryption management.


    If you press "Manage Endpoint Software" under Computers, you can deselect the Encryption Part. 



  • In reply to LuCar Toni:

    Thank you for your reply!