Encryption


Seqrite encryption policy lets you encrypt sensitive data and protect it from unauthorized access.

Data on a lost or stolen device is vulnerable to unauthorized access, either by running a software attack tool against the device or by transferring its hard drive to a different device. The Seqrite encryption feature helps mitigate unauthorized data access by encrypting volumes with Microsoft BitLocker.

This feature enables you to:

  • encrypt or decrypt OS drive.
  • encrypt or decrypt fixed data drives.

    System Requirements

    Client Pre-requisites:

    1. Hardware:

    • TPM 2.0
    • BIOS with UEFI mode

    2. OS

    • Windows 10 64-bit
    • Windows 11

      Note
      Turn off Device encryption in Settings > Device encryption settings on Windows 11 24H2, if you see an exclamation mark on drives or a "BitLocker waiting for activation" message in the Manage BitLocker window.

    Disclaimer

    • Ensure that hardware TPM 2.0 is enabled on the endpoint.
    • It is highly recommended to back up important data before you apply the encryption policy.
    • Seqrite shall not assume responsibility for any loss or damage to data. It is advised to thoroughly review the BitLocker terms prior to implementing this policy.
    • As a precaution against events such as a server crash, back up the recovery keys regularly.
    • Ensure that the laptop/desktop has enough battery life or is connected to the power source.
    • Ensure that the volumes you need to encrypt are not already encrypted by any third-party encryption software.
    • Depending on the volume size, encryption/decryption might take time and might affect system performance. However, you can continue working while it is in progress.
    • IT admins should be trained on all the recovery mechanisms.
    • To avoid hardware compatibility issues, conduct pilot testing on a few test machines at the customer premises before rolling out encryption to a large number of machines.
    • Encrypting or decrypting the removable media is not supported.
    • This feature is supported only on Windows systems.
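
    A read-only pre-flight check for the client prerequisites and disclaimer items above, suitable for the pilot machines. This PowerShell script is an added example, not Seqrite code; it assumes an elevated session on the endpoint and uses only built-in Windows cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example (not Seqrite code): read-only readiness check. Changes nothing.
$checks = [ordered]@{}

# Hardware: TPM 2.0 present and enabled.
$tpm     = Get-Tpm
$tpmSpec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
            -ClassName Win32_Tpm -ErrorAction SilentlyContinue).SpecVersion
$checks['TPM present and enabled'] = $tpm.TpmPresent -and $tpm.TpmEnabled
$checks['TPM specification 2.0']   = [bool]($tpmSpec -and $tpmSpec.StartsWith('2.0'))

# Hardware: firmware must run in UEFI mode, not legacy BIOS.
$firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
$checks['Firmware in UEFI mode'] = "$firmware" -eq 'Uefi'

# OS: Windows 10 64-bit or Windows 11 (client edition, build 10240 or later).
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$checks['Windows 10 64-bit / Windows 11'] = ($os.ProductType -eq 1) -and
    [Environment]::Is64BitOperatingSystem -and ([int]$os.BuildNumber -ge 10240)

# Volumes: report the BitLocker state of every volume BitLocker can see.
$volumes = Get-BitLockerVolume | ForEach-Object {
    [pscustomobject]@{
        MountPoint       = $_.MountPoint
        VolumeType       = $_.VolumeType
        VolumeStatus     = $_.VolumeStatus
        ProtectionStatus = $_.ProtectionStatus
        KeyProtectors    = ($_.KeyProtector.KeyProtectorType -join ', ')
        # Heuristic: encrypted (or in progress) with protection off, for example
        # "waiting for activation" or suspended. Review before applying the policy.
        NeedsReview      = ("$($_.VolumeStatus)" -ne 'FullyDecrypted') -and
                           ("$($_.ProtectionStatus)" -eq 'Off')
    }
}
$checks['No volume encrypted with protection off'] = -not ($volumes | Where-Object NeedsReview)

# Summary: one line per prerequisite, then the per-volume detail.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-42} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'CHECK' })
}
$volumes | Format-Table -AutoSize
```

    Third-party disk encryption is not visible to Get-BitLockerVolume and still has to be confirmed separately.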

    Configure the Encryption Policy

    Follow these steps to configure the Seqrite encryption policy for Windows endpoints to encrypt or decrypt volumes.

    1. Go to the EPS console.
    2. Click Policies from the left panel. Refer to this link for the steps to create a new policy.
    3. Click the edit icon against the desired policy.
    4. Click Encryption from the left panel and expand the Encryption section by clicking the side arrow.
    5. Select the Encrypt OS and Fixed Data Volume checkbox to encrypt the OS volume and all the fixed data volumes.
    6. Clear the Encrypt OS and Fixed Data Volume checkbox to decrypt the already encrypted volumes through Seqrite encryption policy.
    7. Click Save Policy.
    8. The policy is saved and applied to the supported endpoints.

    Important to Know:

    To ensure uninterrupted functionality of this feature, it is necessary to maintain continuous compatibility with the hardware. Should any alterations occur in the hardware configuration, it is absolutely necessary to reapply the policy.

    For instance, if any hardware modifications occur, such as the disabling of TPM, the Activity Log will document this event with the message ‘Encryption is not supported due to incompatible hardware’. Additionally, the report displays a status ‘Not Supported’. In such cases, it is necessary to ensure hardware compatibility and reapply the policy. The reapplication of the policy will trigger a hardware check once more, thus restarting the functionality accordingly.

    Summary of Steps:

    1. Identify Hardware Incompatibility.
    2. Make it compatible.
    3. Restart the machine.
    4. Reapply and save the policy.

    The Encryption functionality resumes seamlessly.

    Rescue Steps

    If the systems/volumes are stuck in the recovery mode, these are the steps to retrieve the recovery key.

    1. Go to the EPS console.
    2. Go to Reports.
    3. Click Encryption.
    4. Click View to open the Endpoint Encryption Status report.
    5. In case of multiple entries, you can click Add Filter to search for an endpoint by either entering the endpoint name or the status.

    6. Click Apply. Enter the required details in the text box and click Generate Report.
    7. The filtered list appears.

    8. Click Details under the Volume Details column against the endpoint that you need the recovery key for.
    9. The Volume Status report window appears.

    10. Click the Show Recovery Key button. A table with Recovery Key and other details appears. You can use the key to recover the volume.
    11. Note that the recovery key is displayed only to the Super Admin and Admin user roles.

    For the detailed steps, refer to the KB article here.

    In case of any issue, contact Seqrite support at support@seqrite.com.
