How to configure Full Disk Encryption feature on Windows 10 using Sophos Central

March 8, 2019 Micheal Security, Sophos, Windows 0

This article will describe the step configure Full Disk Encryption on Windows 10 using Sophos Central

Diagram and Implementation steps

  • As the diagram we see administrator can sit anywhere to control endpoint via Sophos Endpoint Protection.
  • To do this, the endpoint need to install Sophos Endpoint Protection on their computer.
  • You can see installation guide Sophos Endpoint Protection here.
  • In this article, we will configure Sophos Endpoint Protection on laptop Thinkpad X201 running Windows 10 OS and create Policy on Sophos Central to encrypt drive on device.

Configuration instructions

  • After installing Sophos Protection, we will login Sophos Central to check if the computer has been added.
  • Computer’s name is SecurityHeartbeat.
  • To check computer’s name on Sophos Central we click Devices and will see the SecurityHeartbeat machine name in the list.
  • Next to write device encryption policy press Encryption> Policies.
  • Press Add Policy, in Feature default is Device Encryption and in Type choose Device.
  • Set name the policy is Test.
  • In the Available Computers panel select the device called SecurityHeartbeat and click the button “>” to move it to the Assigned Computers panel.
  • This step is for the purpose of specifying the device to be executed Policy.
  • Next to in Setting, turn on Device encryption is on using toggle press.
  • Below there are 3 options as follow:
  • Encrypt boot volume only : This option when turned on will only encrypt the disk containing the operating system.
  • Require startup authentication : This option will require enter the password when user turn on the machine.
  • Encrypt used space only: This option when turned on will only encrypt the disk containing data.
  • In this example, we will turn on Require startup authenticaiton and turn off the remaining 2 to encrypt all available drives on the computer.
  • In POLICY ENFORCE tab, we need to turn on Policy is enforce to the policy take effect and click Save.
  • Turn on the Thinkpad machine and click on the green S-shaped shield icon in the tray to turn on Sophos Endpoint Protection.
  • Click About > Update Now to update Policy.
  • At this time, the computer will appear a message to Restart the machine to prepare for the encryption process.
  • Click Start drive preparation for a few minutes and press Restart.
  • After Restart, the Sophos Device Encryption panel appears, we enter the PIN code into 2 boxes to start the encryption (Note that the PIN code must include special characters, lowercase letters, numbers and lengths) 8 characters or more).
  • Click Save and restart.
  • Now the machine will restart and show the blue panel asking us to enter the PIN just set in the previous step to log into the computer.
  • After logging in to the computer, the encryption process will start, to check the process of clicking on the encryption icon in the tray and the progress of the encryption panel will appear.
  • It takes a while for the encryption process to complete.
  • After successfully encrypting, to check whether the encrypted drive is available, double-click This PC and will see the drive encrypted with the lock icon.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.