Skip to content

About decryption

You don't usually need to decrypt. If you need to exclude an encrypted endpoint from encryption you can do this by removing all of its users from the policy and then turning encryption off.

In Windows Explorer (on the endpoint), right-click on the system disk and select Manage BitLocker. In the BitLocker Drive Encryption dialog, click Turn off BitLocker. Only a Windows administrator can perform this operation.

If an encryption policy is applied and a user, with administrative privileges, attempts to manually decrypt their hard disk Sophos Central overrides the user's command and the disk will remain encrypted.