Skip to content

Encryption method and reporting

You can encrypt volumes with software-based or hardware-based encryption.

Device Encryption always uses software-based encryption for new volumes, even if the drive supports hardware-based encryption.

If a drive is already encrypted with hardware-based encryption, it isn't changed.

If a BitLocker group policy setting requires hardware-based encryption, it isn't changed.

On the Devices > Computers page, you can filter computers according to their encryption status, for example, encryption method or computers that aren't encrypted. See Encryption status for possible encryption statuses.

A computer's details page shows the encryption method and algorithm used for a volume.

For Windows computers, you can also see Encrypted since. The information shown depends on the device:

  • For computers already encrypted with Sophos Central Device Encryption, it shows the date and time the computer upgraded to Sophos Central Device Encryption version 2.1.
  • For computers encrypted using another encryption product, it shows the date and time Sophos Central Device Encryption was installed.
  • For new computers encrypted with Sophos Central Encryption 2.1 (or later), it shows the date and time of encryption.