Full Disk Encryption
This protection layer allows you to provide full disk encryption on endpoints, by managing BitLocker on Windows, and FileVault and diskutil on macOS. You can encrypt and decrypt boot and non-boot volumes, with just a few clicks, while GravityZone handles the entire process, with minimal intervention from the users. Additionally, GravityZone stores the recovery keys needed to unlock volumes when the users forget their passwords.
Note
For more information on the product you can read our FAQ article.
The product is available as an add-on, which, when added to your company is listed next to your main license:
The product gives your company access to the following benefits:
Data secured in case of lost or stolen devices.
Minimal impact on the endpoints’ performance due to the native encryption tools.
Native encryption management, allowing administrators to control and enforce settings for Bitlocker (on Windows) and Filevault (on MacOS).
Pre-boot authentication enforcement.
Reporting of detailed encryption compliance.
Note
For a list of compatible operating systems and solutions, refer to this kb article.
Start the trial
To start the trial, follow the steps below:
Log in to GravityZone with your administrator account.
Click the button on the upper right side of the console to access the In Product Trials page.
Select Learn more under the Full Disk Encryption section.
Select Start free trial.
The add-on will be added to your company's list of licenses as a separate product. You will be redirected the home page where you will see the new sections in GravityZone available to you.
Note
To remove the Full Disk Encryption key, you can use the Stop Trial button. Learn more
Configure and install the new feature
Important
We recommend trying out the new feature on a limited set of endpoints. This is most easily done by creating a new policy and applying it to the endpoints selected for testing.
To start using these new features, follow the steps below:
Go to the Policies page.
You can either:
Under Encryption enable and configure the module.
Save your policy.
If you created a new policy, apply it to the endpoints you want to test it on.
If you edited an existing policy, the changes will take place on all endpoints it was applied to.
This will allow you to enable the newly available features on all selected enpdoints.
Go to the Network page and select the endpoints you wish to deploy the module on.
Click the Tasks button and select Reconfigure client.
Under Modules select Add and enable Encryption.
Note
For more information on using the Reconfigure client task refer to Reconfigure agent.
Click Save.
The task will now deploy the Encryption module on all selected endpoints.
Test out the new feature
To manage the encryption and decryption processes, two options are available:
Additionally, you can exclude partitions from encrypting.
Stop the trial
To stop the trial, follow the steps below:
Log in to GravityZone with your administrator account.
Click the button on the upper right side of the console to access the In Product Trials page.
Select Learn more under the Full Disk Encryption section.
Select Stop trial.
The product will be removed from your company and all additional features will be disabled.