Skip to main content

Full Disk Encryption

This protection layer allows you to provide full disk encryption on endpoints, by managing BitLocker on Windows, and FileVault and diskutil on macOS. You can encrypt and decrypt boot and non-boot volumes, with just a few clicks, while GravityZone handles the entire process, with minimal intervention from the users. Additionally, GravityZone stores the recovery keys needed to unlock volumes when the users forget their passwords.

Note

For more information on the product you can read our FAQ article.

The product is available as an add-on, which, when added to your company is listed next to your main license:

Companies_Licensing_product_and_addon_FDE_472122_en.png

The product gives your company access to the following benefits:

  • Data secured in case of lost or stolen devices.

  • Minimal impact on the endpoints’ performance due to the native encryption tools.

  • Native encryption management, allowing administrators to control and enforce settings for Bitlocker (on Windows) and Filevault (on MacOS).

  • Pre-boot authentication enforcement.

  • Reporting of detailed encryption compliance.

Note

For a list of compatible operating systems and solutions, refer to this kb article.

Start the trial

To start the trial, follow the steps below:

  1. Log in to GravityZone with your administrator account.

  2. Click the product_trials_icon_262792_en.png button on the upper right side of the console to access the In Product Trials page.

  3. Select Learn more under the Full Disk Encryption section.

  4. Select Start free trial.

The add-on will be added to your company's list of licenses as a separate product. You will be redirected the home page where you will see the new sections in GravityZone available to you.

Note

To remove the Full Disk Encryption key, you can use the Stop Trial button. Learn more

Configure and install the new feature

Important

We recommend trying out the new feature on a limited set of endpoints. This is most easily done by creating a new policy and applying it to the endpoints selected for testing.

To start using these new features, follow the steps below:

Preparing and deploying policies

  1. Log in to GravityZone Control Center.

  2. Go to the Policies page from the left side menu.

  3. You can either:

    • Create a new policy.

    • Edit one of your existing policies.

  4. Under Encryption enable and configure the module.

  5. Save your policy.

  6. If you created a new policy, apply it to the endpoints you want to test it on.

    If you edited an existing policy, the changes will take place on all endpoints it was applied to.

This will allow you to enable the newly available features on all selected enpdoints.

Creating a reconfigure client task to deploy the Encryption module

  1. Log in to GravityZone Control Center.

  2. Go to the Network page from the left side menu and select the endpoints you wish to deploy the module on.

  3. Click the Tasks button and select Reconfigure client.

  4. Under Modules select Add and enable Encryption.

    Note

    For more information on using the Reconfigure client task refer to Reconfigure agent.

  5. Click Save.

    The task will now deploy the Encryption module on all selected endpoints.

Test out the new feature

To manage the encryption and decryption processes, two options are available:

  • Decrypt – decrypts volumes and keeps them unencrypted when the policy is active on the endpoints.

  • Encrypt– encrypts volumes and keeps them encrypted when the policy is active on the endpoints.

Additionally, you can exclude partitions from encrypting.

Stop the trial

To stop the trial, follow the steps below:

  1. Log in to GravityZone with your administrator account.

  2. Click the product_trials_icon_262792_en.png button on the upper right side of the console to access the In Product Trials page.

  3. Select Learn more under the Full Disk Encryption section.

  4. Select Stop trial.

The product will be removed from your company and all additional features will be disabled.

In this section: