Skip to content

Alerts for Device Encryption

These are the Device Encryption alerts.

There are the following types of alerts for Device Encryption:


Alert type Description
Device is not encrypted A volume is not encrypted even though it is supposed to be encrypted. A possible reason is that the user postponed encryption when the policy was applied.
Recovery key is missing A recovery key for an encrypted volume cannot be found in the Sophos Central database.
Device Encryption is suspended

If you did not suspend Device Encryption, possible reasons are:

  • The recovery key is not yet stored in Sophos Central. Make sure that the endpoint has an internet connection.
  • Pre-provisioned BitLocker is not yet activated. Users need to define a PIN, password, or USB key to activate BitLocker.
  • Windows updates are being installed. BitLocker will automatically be un-suspended after the next restart.