Skip to main content




This module is available for:

  • Windows for workstations

  • Windows for servers

  • macOS

The Encryption module manages full disk encryption on endpoints by leveraging BitLocker on Windows, and FileVault and the diskutil command-line utility on macOS, respectively.

With this approach, GravityZone is able to provide some consistent benefits:

  • Data secured in case of lost or stolen devices.

  • Extensive protection for the most popular computer platforms in the world, by using recommended encryption standards with full support from Microsoft and Apple.

  • Minimal impact on the endpoints’ performance due to the native encryption tools.

The Encryption module operates the following solutions:

  • BitLocker version 1.2 and later, on Windows endpoints with a Trusted Platform Module (TPM), for boot and non-boot volumes.

  • BitLocker version 1.2 and later, on Windows endpoints without a TPM, for boot and non-boot volumes.

  • FileVault on macOS endpoints, for boot volumes.

  • diskutil on macOS endpoints, for non-boot volumes.

For the list of operating systems supported by the Encryption module, refer to GravityZone requirements.


Availability and functioning of this feature may differ depending on the license included in your current plan.


To use Full Disk Encryption, you first must make sure that this feature is activated with your GravityZone product and then you must configure it in the policy settings.

GravityZone Full Disk Encryption is a feature that requires activation based on license key. To do this, go to Configuration > License and enter the license key. To check the availability of Full Disk Encryption, open the policy settings or create a new installation package and see if Encryption appears among the listed modules.