Encrypt your computer

Follow these instructions to encrypt your computer.

Restriction Device Encryption is only available on endpoint computers.

Device Encryption encrypts the hard disk of your computer using Windows BitLocker technology. Your administrator defines whether you need to authenticate each time you access your computer.

If no authentication is required, the encryption of your hard disk starts automatically as soon as you restart your computer after you received the Sophos Central policy. There is nothing you need to do in this case.

If you need to authenticate, do as follows:

  1. When the Sophos Device Encryption dialog is displayed, follow the instructions in the dialog. The specific instructions depend on your system and the policy settings defined by your administrator.
    • If the Device Encryption policy requires a PIN or password for authentication, follow the on-screen instructions to create a PIN or password.

      Note Be careful when creating a PIN or password. The pre-boot environment only supports the US-English keyboard layout. If you create a PIN or password now with special characters, you might have to use different keys when you enter it to sign in later.
    • If the Device Encryption policy requires a USB key for authentication, you need to connect a USB flash drive to your computer. The USB flash drive must be formatted with NTFS, FAT, or FAT32.
  2. When you click Restart and Encrypt, the computer restarts and encrypts your hard disks. You can work as usual.
    Note You can select Do this later to close the dialog. However, it will appear again next time you sign in.

After Sophos Central has encrypted the system volume, the encryption of the data volumes is started. Removable data volumes such as USB drives are not encrypted.

When you sign in to your computer, you may need a PIN, password, or USB key to unlock your system volume. Data volumes are unlocked automatically.