Enabling encryption of devices running Windows

The actual encryption of protected devices starts only after you complete the procedure described in this section.

To enable encryption of devices running Windows:

1. Open Kaspersky Endpoint Security Cloud Management Console.
2. Select the Security management → Encryption section.

   The displayed Using encryption on devices window allows you to enable and disable encryption in security profiles, and to go to the list of reports.

3. Click the Enable encryption for Windows button.

   The button is available only if there is at least one security profile in which encryption of devices running Windows has not yet been enabled.

   The Enable Encryption Management for devices running Windows window opens.

4. Select the check boxes next to the names of the security profiles in which you want to enable encryption.

   The list contains only those security profiles in which encryption has not yet been enabled.

5. Click the Enable Encryption Management button.
6. Define the encryption settings:
   1. If you want to use hardware encryption, switch on the Hardware encryption toggle button. If this toggle button is switched off, software encryption is used.

      Hardware encryption lets you increase the speed of encryption and use less computer resources.

   2. If you want to enable authentication by using Trusted Platform Module (TPM), switch on the Authentication by using Trusted Platform Module (TPM) toggle button.

      A microchip developed to provide basic functions related to security (for example, for storing encryption keys). A TPM is usually installed on the computer motherboard and interacts with all other system components through the hardware bus.

   3. If you enabled the Authentication by using Trusted Platform Module (TPM) option during the previous step, click the Settings link under the Authentication by using Trusted Platform Module (TPM) section.

      The Trusted Platform Module (TPM) authentication settings window opens.

   4. If you want to set a PIN code that will be requested when the user attempts to gain access to an encryption key, enable the Use PIN where available option. In the Minimum PIN length (digits) field, you can specify the minimum number of digits that a PIN code must contain.

      A PIN code will be used to gain access to encryption keys that are stored in TPM, if TPM is available on the device.

   5. If you want to have access to encryption keys if TPM is not available on the device, enable the Authorization by using password option. In the Minimum password length (characters) field, you can specify the minimum number of characters that a password must contain.

      Access to encryption keys will be protected by a password.

      On devices running Windows 7 and Windows Server 2008 R2, only encryption that uses TPM is available. If the TPM module is not installed on such devices, they cannot be encrypted. Using a password is not supported on such devices.

   6. If you want to enable BitLocker authentication in the preboot environment on tablet computers, switch on the Enable the use of BitLocker authentication on Windows tablets toggle button.

      The touchscreen of tablet computers is not available in the preboot environment. To complete BitLocker authentication on tablet computers, the user must, for example, connect a USB keyboard.

7. Click Next to continue.
8. Check the list of security profiles in which you want to enable encryption, and the encryption settings that you defined.
9. Click the Apply button.

Encryption is enabled in the selected security profiles with the defined settings.

Later, if necessary, you can edit encryption settings in each security profile separately.

The encryption and decryption of devices may take a long time. You can use the Encryption status of devices report to see the current encryption status.

Page top