Initial encryption

Initial Encryption encrypts all files according to:

It can be automatically triggered by means of a policy setting or manually by users.

If automatically triggered, initial encryption runs in the background. When done, a log event is generated.

It starts each time endpoints receive new Synchronized Encryption policies and each time users log on to their endpoints. This ensures that files are always encrypted according to company policies and prevents them remaining unencrypted unintentionally.

Note: If a large amount of data has to be processed, initial encryption may lead to performance issues on the endpoints.

On Windows, users can manually start initial encryption from the context menu in Explorer extensions (SafeGuard File Encryption > Encrypt according to policy). The SafeGuard File Encryption Wizard is displayed, showing information on the amount of data to be processed, the progress and the results of the task.

On Macs, users can go to the Policies tab of the Preference pane and click Enforce all Policies to start initial encryption.

If files encrypted with a key other than the Synchronized Encryption key are detected and users have this key in their key ring, these files are re-encrypted with the Synchronized Encryption key. Files that are encrypted with a key that is not available in the user's key ring are left unchanged.

Initial encryption is applied in locations defined in policies.