Encryption method and reporting

You can encrypt volumes with software-based or hardware-based encryption.

Device Encryption always uses software-based encryption for new volumes, even if the drive supports hardware-based encryption.

If a drive is already encrypted with hardware-based encryption, it isn't changed.

If a BitLocker group policy setting requires hardware-based encryption, it isn't changed.

On the Computers page, you can filter computers according to their encryption state, for example, encryption method or computers that aren't encrypted.

A computer's details page shows the encryption method and algorithm used for a volume.

For Windows computers, you can also see Encrypted since. The information shown depends on the device.

  • For computers already encrypted with Sophos Central Device Encryption, it shows the date and time the computer upgraded to Sophos Central Device Encryption version 2.1.
  • For computers encrypted using another encryption product, it shows the date and time Sophos Central Device Encryption was installed.
  • For new computers encrypted with Sophos Central Encryption 2.1 (or later), it shows the date and time of encryption.

The Encryption status report shows the encryption status of your computers.

You can see which of your computers are encrypted, which volume types are encrypted, and which computers comply with your encryption policies. You can also find out how your computers authenticate and how they're encrypted.