A device is not encrypted - Alerts when enrolling new endpoints are creating noise.

Hello,

To give context, our leadership and information security team are concerned with alerts that I coming from Sophos. Their concerns are valid considering the email titles are: Alert for Sophos Central [*****]: A device is not encrypted.

However, these are false alerts that are only occurring when we are adding new endpoints to our environment and putting Sophos Central on the devices. We are looking for a way to minimize this noise. What I assume is happening is that there is a period after install for all the 'check boxes' to be checked before reading as encrypted and the alert is going out before those checks are being met. 

We have scaled back the alerting to hourly, but that doesn't seem to be helping. Any ideas?



Added tags
[edited by: Gladys at 7:59 AM (GMT -8) on 20 Nov 2023]
Parents
  • Hi  ,

    Thank you for reaching out to the Sophos Community Forum.

    This error could occur if the user has postponed encryption when the policy was applied. Is it possible that this has happened? Could you please confirm the current encryption status of these devices on Central?

    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Our typical procedure is as follows:

    Image our new device

    Decrypt the drive that comes standard on the device

    Install Sophos Cloud

    Reboot the device in order to start encryption

    --------

    Here are the events from the device:

    Nov 2, 2023 2:54 PM
    The Device Encryption status changed from In progress to Encrypted.
    Nov 2, 2023 2:46 PM
    The Device Encryption status changed from Not encrypted to In progress.
    Nov 2, 2023 2:42 PM
    Device is not encrypted.
    Nov 2, 2023 2:42 PM
    Update succeeded
    Nov 2, 2023 2:40 PM
    A BitLocker recovery key has been received from: *****
    Nov 2, 2023 2:40 PM
    Device is not encrypted.
    Nov 2, 2023 2:40 PM
    The Device Encryption status changed from Unmanaged to Not encrypted.
    Nov 2, 2023 2:37 PM
    The Device Encryption status changed from Not available to Unmanaged.
    Nov 2, 2023 2:37 PM
    Update succeeded
    Nov 2, 2023 2:36 PM
    New computer registered: *****

Reply
  • Our typical procedure is as follows:

    Image our new device

    Decrypt the drive that comes standard on the device

    Install Sophos Cloud

    Reboot the device in order to start encryption

    --------

    Here are the events from the device:

    Nov 2, 2023 2:54 PM
    The Device Encryption status changed from In progress to Encrypted.
    Nov 2, 2023 2:46 PM
    The Device Encryption status changed from Not encrypted to In progress.
    Nov 2, 2023 2:42 PM
    Device is not encrypted.
    Nov 2, 2023 2:42 PM
    Update succeeded
    Nov 2, 2023 2:40 PM
    A BitLocker recovery key has been received from: *****
    Nov 2, 2023 2:40 PM
    Device is not encrypted.
    Nov 2, 2023 2:40 PM
    The Device Encryption status changed from Unmanaged to Not encrypted.
    Nov 2, 2023 2:37 PM
    The Device Encryption status changed from Not available to Unmanaged.
    Nov 2, 2023 2:37 PM
    Update succeeded
    Nov 2, 2023 2:36 PM
    New computer registered: *****

Children