Partial rollout of Synchronized Encryption

In case of a partial-rollout of SafeGuard Enterprise Synchronized Encryption, you have to make sure that all of your users can access shared encrypted data.

If you want to activate encryption in your company step by step, you can start by deploying Synchronized Encryption policies with activated encryption for example to the endpoints of the Marketing department only. These endpoints will encrypt files according to the Synchronized Encryption policies. Users on endpoints of other departments will not be able to access these files since they do not have the Synchronized Encryption policies applied. To avoid this situation, you can deploy read-only policies that enable read access to encrypted files. These endpoints do not encrypt any data but can read encrypted files.


To roll out SafeGuard Enterprise Synchronized Encryption, follow these steps:

  1. Create a Synchronized Encryption policy (application-based) in the SafeGuard Management Center.
  2. Deploy the policy to users whose endpoints should encrypt data. In the example above, endpoints of the Marketing department.
  3. Create read-only policies.
    Note: You need to create separate policies for Windows and Mac endpoints.
  4. Deploy the read-only policies to all of your other Windows and Mac endpoints. In the example above, all endpoints except those of the Marketing department.