Disk Encryption Manager
Volume-level disk encryption protects your customers' data against theft or accidental loss by rendering information on hard drives unreadable to unauthorized users. Disk encryption is ideally suited to environments where data is a critical asset or is governed by compliance regulations such as GDPR, PII, PCI DSS, and where there is a risk of data loss.
With disk encryption enabled, data cannot be accessed and information cannot be stolen. The encryption keys are tied to the hardware the disk is installed in, so simply removing a disk does not provide access to the data. Even if the disk drive is removed from the computer, the information remains encrypted and cannot be recovered without the associated Recovery Keys.
The security offered by disk encryption provides peace of mind, particularly when enabled on those at-risk devices, including laptops, that may leave the building. Disk Encryption is integrated into Managed Antivirus Bitdefender (MAV-BD) and deployed through MAV-BD Protection Policies.
There are three security options (Key Protector Strengths) available when using MAV-BD Disk Encryption Manager:
- Trusted Platform Module (TPM) - This is hardware-level security available on most new PCs. When enabled, the user does not need to enter a password when starting their computer. They are presented with the Windows login screen. No password is required.
- Trusted Platform Module and PIN - With TPM and PIN, the user must enter a PIN to unlock the disk and proceed to the login screen. This is the most secure method of encrypting and protecting data. Microsoft recommends this security option with disk encryption.
- Password - The password option is the default security mechanism when a device does not include TPM, or TPM has been disabled on the device. When the user logs into their computer, they must enter a password to unlock the disk and proceed to the Windows login screen.
If you close your RMM (trial or full) account entirely, you will have to rely on your Recovery Key Report. Ensure you have produced the report and saved it securely for future use before closing down your RMM account, as we do not store anything in this case.
If you delete your devices from RMM, the last known Recovery Key will be retained in the Recovery Key Report for 90 days only.
If you remove Disk Encryption Manager from devices, and they remain in RMM, you still have access to the Recovery Key Report, which has the history of the last known Recovery Key before the device returned control to the end user. Be aware that the end user may have re-encrypted the device, which would change the Recovery Key from the one RMM last had on record.
In these scenarios, we highly recommend running the Recovery Key Report and storing it in a safe location before performing any other actions. Otherwise, you will not be able to access the Recovery Keys from RMM or Technical Support.
What do you want to do?
- Review Disk Encryption Manager Prerequisites
- Set permissions for Disk Encryption Manager
- Enable Disk Encryption Manager by Device Type, Client or Site
- Enable Disk Encryption Manager at the Individual Device Level
- View the Disk Encryption End-user Experience
- Monitoring Disk Encryption
- View Disk Encryption Manager Reporting
- Provide a Recovery Key for an End-user
- View the Removing Disk Encryption Manager with or without Decrypting Devices process
- View the Removing Devices with Disk Encryption Manager from the RMM Dashboard process
- View the Frequently Asked Questions