The Seqrite encryption policy lets you encrypt sensitive data and protect it from unauthorized access.
Data on a lost or stolen device is vulnerable to unauthorized access, either by running a software-attack tool against it, or by transferring the device’s hard drive to a different device. The Seqrite encryption feature helps mitigate unauthorized data access by performing volume encryption using Microsoft BitLocker.
This feature enables you to:
System Requirements
Client Pre-requisites:
1. Hardware:
- TPM 2.0
- BIOS with UEFI mode
2. OS
- Windows 10 64-bit
- Windows 11
Note ☛
Turn off Device encryption in Settings > Device encryption settings on Windows 11 24H2, if you see an exclamation mark on drives or a "BitLocker waiting for activation" message in the Manage BitLocker window.
Disclaimer
- Ensure that hardware TPM 2.0 is enabled on the endpoint.
- It is highly recommended to back up important data before you apply the encryption policy.
- Seqrite shall not assume responsibility for any loss or damage to data. It is advised to thoroughly review the BitLocker terms prior to implementing this policy.
- As a precaution against events such as a server crash, it is recommended to back up the recovery keys regularly.
- Ensure that the laptop/desktop has enough battery life or is connected to the power source.
- Ensure that the volumes you need to encrypt are not already encrypted by any third-party encryption software.
- Depending on the volume size, encryption/decryption might take time and might affect system performance. However, you can continue working while it is in progress.
- The IT Admin should be trained on all the recovery mechanisms.
- To avoid hardware compatibility issues, conduct pilot testing on some test machines in the customer premises before rolling out encryption to a large number of machines.
- Encrypting or decrypting the removable media is not supported.
- This feature is supported only on Windows systems.
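The prerequisites and disclaimer items above can be checked on a pilot endpoint before the policy is applied. The following read-only script is an added example that uses built-in Windows cmdlets and is not part of the Seqrite product. It must run in an elevated PowerShell session, and the 50% battery threshold is an assumed value.

```powershell
# Added example: pre-flight readiness check for BitLocker-based volume encryption.
# Read-only: it queries state and changes nothing. Run elevated on the endpoint.
#Requires -RunAsAdministrator

$checks = [ordered]@{}

# TPM: must be present, enabled, and report specification version 2.0.
$tpm    = Get-Tpm
$tpmCim = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
              -ClassName Win32_Tpm -ErrorAction SilentlyContinue
# SpecVersion is a comma-separated string; the first field is the spec version.
$spec   = if ($tpmCim) { ($tpmCim.SpecVersion -split ',')[0].Trim() } else { 'none' }
$checks['TPM present and enabled'] = $tpm.TpmPresent -and $tpm.TpmEnabled
$checks['TPM specification 2.0']   = $spec -eq '2.0'

# Firmware: the BIOS must be running in UEFI mode, not legacy mode.
$firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
$checks['Firmware in UEFI mode'] = "$firmware" -eq 'Uefi'

# Operating system: Windows 10 64-bit or Windows 11.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$checks['Windows 10 64-bit or Windows 11'] =
    ($os.Caption -match 'Windows 1[01]') -and ($os.OSArchitecture -match '64')

# Power: no battery (desktop), AC connected (BatteryStatus 2), or enough charge.
$minCharge = 50   # assumed threshold, not a Seqrite requirement
$battery   = @(Get-CimInstance -ClassName Win32_Battery)
$onAc      = $battery.BatteryStatus -contains 2
$charged   = ($battery.EstimatedChargeRemaining | Measure-Object -Maximum).Maximum -ge $minCharge
$checks['Power source or battery adequate'] = ($battery.Count -eq 0) -or $onAc -or $charged

# Fixed volumes only: removable media is not supported by the policy.
# Get-BitLockerVolume reports BitLocker state only; third-party encryption
# products must be checked with their own tools.
$fixed   = Get-Volume | Where-Object { $_.DriveType -eq 'Fixed' -and $_.DriveLetter }
$volumes = foreach ($v in $fixed) {
    Get-BitLockerVolume -MountPoint "$($v.DriveLetter):" |
        Select-Object MountPoint, VolumeType, VolumeStatus, ProtectionStatus, EncryptionPercentage
}

# Report: one row per check, then the current BitLocker state of each fixed volume.
$checks.GetEnumerator() |
    ForEach-Object { [pscustomobject]@{ Check = $_.Key; Pass = [bool]$_.Value } } |
    Format-Table -AutoSize
$volumes | Format-Table -AutoSize
```

A volume that already shows a status other than FullyDecrypted is worth reviewing before rollout, since the policy is meant to manage volumes it encrypted itself.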
Configure the Encryption Policy
The following steps configure the Seqrite encryption policy for Windows endpoints to perform encryption/decryption operations on volumes.
- Go to the EPS console.
- Click Policies from the left panel. Refer to this link for the steps to create a new policy.
- Click the edit icon against the desired policy.
- Click Encryption from the left panel and expand the Encryption section by clicking the side arrow.
- Select the Encrypt OS and Fixed Data Volume checkbox to encrypt the OS volume and all the fixed data volumes.
- Clear the Encrypt OS and Fixed Data Volume checkbox to decrypt the volumes that were already encrypted through the Seqrite encryption policy.
- Click Save Policy.
The policy is saved and applied to the supported endpoints.
Important to Know:
To ensure uninterrupted functionality of this feature, the hardware must remain compatible at all times. If the hardware configuration changes, it is absolutely necessary to reapply the policy.
For instance, if a hardware modification occurs, such as the disabling of TPM, the Activity Log records this event with the message ‘Encryption is not supported due to incompatible hardware’. Additionally, the report displays the status ‘Not Supported’. In such cases, restore hardware compatibility and reapply the policy. Reapplying the policy triggers the hardware check again, which restarts the functionality.
Summary of Steps:
- Identify Hardware Incompatibility.
- Make it compatible.
- Restart the machine.
- Reapply and save the policy.
The Encryption functionality resumes seamlessly.
Rescue Steps
If the systems/volumes are stuck in recovery mode, follow these steps to retrieve the recovery key.
- Go to the EPS console.
- Go to Reports.
- Click Encryption.
- Click View to open the Endpoint Encryption Status report.
- Click Apply. Enter the required details in the text box and click Generate Report.
- Click Details under the Volume Details column against the endpoint for which you need the recovery key.
- Click the Show Recovery Key button. A table with Recovery Key and other details appears. You can use the key to recover the volume.
In case of multiple entries, you can click Add Filter to search for an endpoint by either entering the endpoint name or the status.
The filtered list appears.
The Volume Status report window appears.
Note that the recovery key is displayed only to the Super Admin and Admin user roles.
For the detailed steps, refer to the KB article here.
In case of any issue, contact Seqrite support at support@seqrite.com.