Skip to main content

Full Disk Encryption

This protection layer allows you to provide full disk encryption on endpoints, by managing BitLocker on Windows, and FileVault and diskutil on macOS. You can encrypt and decrypt boot and non-boot volumes, with just a few clicks, while GravityZone handles the entire process, with minimal intervention from the users. Additionally, GravityZone stores the recovery keys needed to unlock volumes when the users forget their passwords.


Full Disk Encryption is an add-on available with a separate license key for all available GravityZone packages.


Full Disk Encryption uses the following components:

  • GravityZone Control Center

  • Security agent (Bitdefender Endpoint Security Tools installed on Windows, Linux, & Mac endpoints)

Install and configure Full Disk Encryption

To start using this features, follow the steps below:


If your endpoints already have the BEST agent deployed, but the Full Disk Encryption module is not installed, you can use a Reconfigure agent task to add the module to the endpoint.

If no agent is installed, you will need to use an installation package to deploy BEST on your endpoints along with all required modules.

Below we have included both procedures.

Viewing Full Disk Encryption activity