Overview
Sophos Central Device Encryption is a feature that allows users to encrypt their devices and secure their data. In this guide, we will show you how to configure the TPM-Only authentication mode for Sophos Central Device Encryption.
How to configure
Step 1: Create Device Encryption Policy
Log in to Sophos Central Admin -> My Product -> Encryption -> Policies -> Add Policy
In Type: choose User or Device, according to the license you purchased
In View Encryption Policy
Policy name: enter a name for the policy
In Available Computer, choose the computer and click > to move it to Assigned Computers
In the Setting tab
Turn On Device Encryption
Untick Require startup Authentication: disabling this option selects the TPM-only authentication mode
Move to Policy Enforced
Turn on Policy Enforced, then click Save
Step 2: Device Encryption with TPM-only
On the computer, open Sophos Endpoint Agent. You will see that Data protection is off because the Device Encryption policy has not yet been applied to the device. Click About (in the bottom right corner)
Click Update Now to update the policy on the computer. After the update, click Open Endpoint Self Help Tool
Under Status -> Device Encryption -> Bitlocker State, you will see the notification “Encryption is not enabled via policy, or at least one volume is not encrypted”
Restart the computer so that Device Encryption can start encrypting it
After restarting, go to the system tray, where you will see an icon. Click the icon to follow the disk encryption process
You can see “Data protection is on”
In Sophos Central, you can check the device's encryption status under Dashboard -> Encryption Status
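To confirm on the endpoint itself that the policy resulted in TPM-only protection, you can inspect the BitLocker key protectors of the system drive. The script below is an added example, not part of the original guide or of Sophos tooling; it uses the built-in Windows cmdlets Get-Tpm and Get-BitLockerVolume, and the function name Test-TpmOnlyProtection is a hypothetical name chosen for illustration.

```powershell
# Added example: verify that the OS volume is unlocked by the TPM alone.
# Run in an elevated PowerShell session on the encrypted Windows computer.
#Requires -RunAsAdministrator

function Test-TpmOnlyProtection {   # hypothetical helper name
    param(
        # Drive to check; defaults to the Windows system drive.
        [string]$MountPoint = $env:SystemDrive
    )

    $tpm    = Get-Tpm
    $volume = Get-BitLockerVolume -MountPoint $MountPoint
    $types  = @($volume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # Protector types that prompt the user at startup (PIN, USB startup key, password).
    # Any of these means startup authentication is still required.
    $startupAuth = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'Password')
    $prompting   = @($types | Where-Object { $startupAuth -contains $_ })

    [pscustomobject]@{
        MountPoint          = $volume.MountPoint
        TpmPresent          = $tpm.TpmPresent
        TpmReady            = $tpm.TpmReady
        VolumeStatus        = $volume.VolumeStatus        # e.g. EncryptionInProgress, FullyEncrypted
        EncryptionPercent   = $volume.EncryptionPercentage
        ProtectionStatus    = $volume.ProtectionStatus    # may stay Off until encryption completes
        KeyProtectors       = $types -join ', '
        TpmOnly             = ($types -contains 'Tpm') -and ($prompting.Count -eq 0)
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
    }
}

$result = Test-TpmOnlyProtection
$result | Format-List

if (-not $result.TpmReady) {
    Write-Warning 'The TPM is not ready; TPM-only protection cannot be applied.'
}
if (-not $result.TpmOnly) {
    Write-Warning "Volume $($result.MountPoint) is not TPM-only. Protectors found: $($result.KeyProtectors)"
}
```

A TPM-only volume lists a Tpm protector and none of the PIN, startup-key or password types; run the check again after encryption finishes to see ProtectionStatus change to On.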