Migration from existing File Encryption module on Windows

Users can migrate from the SafeGuard Enterprise File Encryption module to the Synchronized Encryption module. Files that were encrypted before remain encrypted and accessible. Files that are modified and saved after the migration are re-encrypted with the Synchronized Encryption key. By specifying an initial encryption in a policy, files can be re-encrypted with the Synchronized Encryption key.


You have to ensure that all required keys ("old keys" used for encrypting files with the legacy File Encryption module, and "new" Synchronized Encryption key ) are available in the users' key rings.

Run migration

Follow these steps:

  1. Install the Synchronized Encryption module on endpoints. The module replaces the existing File Encryption module.
  2. Make sure that all keys the users had in their key rings when they used File Encryption remain part of their key rings. This ensures that users can access files that are already encrypted using Synchronized Encryption.
  3. In the Management Center, create new Synchronized Encryption policies.
    • All applications that should be able to access encrypted files must be part of the Application List used in the Synchronized Encryption policies.
    • Synchronized Encryption policies should cover the same Encryption scope as previous location-based File Encryption policies.
    • Specify settings for initial encryption. Initial encryption will start immediately after the policy has been applied on the endpoint and encrypt or re-encrypt all files with the Synchronized Encryption key. This ensures that all files are encrypted according to policies.
      Note: Initial encryption can also be started from the Windows Explorer context menu (SafeGuard File Encryption > Encrypt according to policy).
  4. Deploy the policies.


  • Encrypted files covered by the Synchronized Encryption policies are re-encrypted with the Synchronized Encryption key.

  • Files created or modified by applications on the Synchronized Encryption Application list will be encrypted with the Synchronized Encryption key.

  • Encrypted files not covered by the Synchronized Encryption policies stay encrypted with the previous File Encryption key. Users who have the required key in their key ring can always decrypt files manually, even if files are no longer covered by encryption policies.