About full disk encryption

Note: This feature is not included with all licenses. If you want to use it, you might need to change your license. For more information, see http://www.sophos.com/en-us/products/complete/comparison.aspx.

Full disk encryption protects the data on endpoint computers from being read or changed by unauthorized persons. Volumes on disks are encrypted transparently. Users do not need to decide what data is to be encrypted. Encryption and decryption are performed in the background.

By default, computers protected by full disk encryption run the Power-on Authentication (POA) before the operating system starts. After the user has logged on at the Power-on Authentication, the operating system starts and the user is logged on to Windows.

For convenient access, full disk encryption offers several features that aid IT operations on endpoint computers:

For recovery on computers protected by full disk encryption, the following logon recovery methods are available:

Important: Do not delete from the console computers that have been encrypted. Encryption recovery may not be possible in this case.

For more information about the recommended settings for full disk encryption, see the Sophos Enterprise Console policy setup guide.

For information about viewing events logged for computers protected by full disk encryption, see View encryption events.