Encryption

The Disk encryption module allows monitoring the status of disks on remote computers and managing encryption, decryption, and recovery key operations. With this feature, administrators can remotely control data security on disks using BitLocker technology.


Disk encryption status overview

The Disk encryption module provides an overview of disk encryption status on devices:

  • Displaying encryption status: The main panel shows encrypted and unencrypted drives, presented using pie charts.

  • TPM monitoring: Information about the presence and activity of the TPM module, which supports disk encryption. A chart showing the TPM status on devices is visible.


View elements

The column view presents detailed information about disks in a table with the following columns:

  • Computer: The name of the computer on which encryption is running.

  • Disk type: Specifies whether the disk is system or non-system.

  • Drive: The volume that is being encrypted.

  • BitLocker: BitLocker protection status (encrypted, unencrypted, unknown).

  • Status: Status of the current action (e.g., encrypted, decrypted, percentage of encryption completed).

  • Last command: The last operation performed on the drive (e.g., encrypt, decrypt).

  • Command result: Information about success or error of the last action.

  • Date: Date of the last performed operation.

  • Error: Details of an error, if one occurred during the operation.

  • System drive: Indicates whether the specified volume is the computer's system drive.

  • Host ID: Unique identifier of the device in the system.

  • Online: Indicates whether the computer is currently available on the network.

  • Progress: Current percentage completion of the encryption or decryption process.

Expanding a row shows additional information:

  • Drive size: Total capacity of the volume expressed in GB or TB.

  • TPM: Indicates whether the device has a TPM module and which version.

  • File system: Type of file system used on the volume, e.g., NTFS.

  • Device ID: Unique identifier of the physical media in the operating system.

  • Disk type: Type of media, e.g., HDD, SSD.

  • Serial number: Serial number assigned by the manufacturer to the given drive.


Disk encryption

Activating disk encryption

To encrypt a drive, follow these steps:

  1. Select a drive from the list of available drives and click its action button.

  2. Click Encrypt in the right-hand panel.

In the configuration window you can use the default encryption settings or go to advanced options that allow more precise customization of the process.

Advanced configuration

  • Selecting the encryption algorithm:

    • XTS-AES-256 (recommended for Windows 10+ systems).

    • XTS-AES-128.

    • AES-256.

    • AES-128.

  • Protection method:

    • TPM – encryption using TPM, without user interaction.

    • TPM + PIN – requires the user to enter a PIN.

    • Passphrase – the user sets a password (not available for system drives).

The TPM + PIN and Passphrase methods require the end user to define the corresponding security credentials. The password policy follows the user's individual domain settings.

After completing configuration, choose Start encryption.

More about recovery keys.

Deactivating encryption

To disable encryption:

  1. Select the encrypted drive.

  2. Click Decrypt in the right-hand panel. The option will be available only for encrypted drives.

Enabling and disabling BitLocker

What does “Turn off BitLocker” mean?

It does not decrypt the drive.

It is what BitLocker calls suspending protection. The drive remains encrypted, but the mechanism that protects the key is temporarily disabled.

Meaning:

  • data remain encrypted,

  • but the system does not require additional TPM/PIN verification at startup,

  • the key is temporarily “released” to the system.

What does “Turn on BitLocker” mean?

It resumes protection. The drive remained encrypted the whole time; you are simply restoring full protection.

BitLocker encrypts data with the FVEK key. That key is protected by the TPM. While protection is suspended, the TPM temporarily stops blocking access to the key, even if the boot environment changes.

Data remain encrypted at all times. Their state on the drive does not change.


Recovery keys

The system enables remote management of BitLocker recovery keys.

The agent does not check the recovery key directly in the system. The entire process is as follows:

  1. The user initiates encryption from the console.

  2. The console generates the recovery key and stores it in the database.

  3. The agent receives the disk encryption task containing the generated key and the settings chosen by the user.

If the computer was previously encrypted outside of eAuditor cloud, the console will only show information that the drive is encrypted. The recovery key will not be available. In such a case you must request decryption from the console (the system will do this locally via BitLocker without requiring the key), and then restart encryption using eAuditor cloud. Only then will the key appear in the console.

Downloading recovery keys:

  • Click Encryption key in the right-hand panel.

  • After administrator authorization, click Reveal to display the recovery key, which can then be copied.
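The suspend-versus-decrypt distinction described in "Enabling and disabling BitLocker", and the recovery-key situation described above, can be checked on an endpoint with the standard BitLocker PowerShell module. The script below is an added example and is not part of eAuditor cloud or its agent; it assumes the built-in Get-BitLockerVolume cmdlet and an elevated session on Windows 10 or later.

```powershell
# Added example (not eAuditor cloud code): classify each BitLocker volume the way the
# documentation describes its states. A volume that is FullyEncrypted with
# ProtectionStatus Off is *suspended* (key released to the OS), not decrypted.
# It also reports whether a RecoveryPassword protector exists, which is the
# protector a management console needs to have escrowed.
# Requires the BitLocker module (Windows 10/11 or Server) and an elevated session.

function Get-BitLockerAudit {
    [CmdletBinding()]
    param()

    Get-BitLockerVolume | ForEach-Object {
        $v = $_
        $state = switch ("$($v.VolumeStatus)") {
            'FullyDecrypted'       { 'Decrypted (no encryption on disk)' }
            'EncryptionInProgress' { "Encrypting ($($v.EncryptionPercentage)%)" }
            'DecryptionInProgress' { "Decrypting ($($v.EncryptionPercentage)%)" }
            'FullyEncrypted' {
                if ("$($v.ProtectionStatus)" -eq 'Off') {
                    # Data still encrypted; TPM/PIN verification at boot is bypassed.
                    'Suspended (encrypted, protection off)'
                } else {
                    'Protected (encrypted, protection on)'
                }
            }
            default { "Other ($($v.VolumeStatus))" }
        }

        # KeyProtector is empty on decrypted volumes; -contains on $null is simply $false.
        $protectors = @($v.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        [pscustomobject]@{
            MountPoint       = $v.MountPoint
            State            = $state
            EncryptionMethod = "$($v.EncryptionMethod)"   # XtsAes256, XtsAes128, Aes256, Aes128, None
            Protectors       = ($protectors -join ', ')   # e.g. Tpm, TpmPin, Password, RecoveryPassword
            HasRecoveryKey   = [bool]($protectors -contains 'RecoveryPassword')
        }
    }
}

# Full listing, then only the volumes an administrator should look at: suspended ones,
# and encrypted ones with no recovery password protector to escrow (the case the
# documentation describes for drives encrypted outside the console).
Get-BitLockerAudit | Format-Table -AutoSize
Get-BitLockerAudit |
    Where-Object { $_.State -like 'Suspended*' -or
                   ($_.State -like 'Protected*' -and -not $_.HasRecoveryKey) }
```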


Notifications and alerts

The system can send notifications and alerts related to disk encryption status:

  • Information: The drive was encrypted or decrypted.

  • Warning: Error during encryption.

For drives encrypted before system deployment, the system allows management of encryption but does not generate the decryption key. For the system to manage keys, the drive must be decrypted and re-encrypted by the system.
