Configuring encryption of Windows devices

After you have enabled encryption in several security profiles simultaneously, you can edit the encryption settings in each security profile separately, as described in this section.

To edit encryption of devices running Windows:

  1. Open Kaspersky Endpoint Security Cloud Management Console.
  2. Select the Security management → Security profiles section.

    The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.

  3. In the list, select the security profile for the devices on which you want to configure encryption.
  4. Click the link with the profile name to open the security profile properties window.

    The security profile properties window displays settings available for all devices.

  5. In the Windows group, select the Management settings → Encryption section.
  6. If you want to turn the encryption module off without sending the actual command to encrypt or decrypt your users' devices, set the toggle switch to Encryption Management is disabled. This may be useful if you use a third-party encryption tool.
  7. Do either of the following:
    • To encrypt your users' devices, select the Encrypt devices option.
    • To decrypt your users' devices, select the Decrypt devices option.
  8. Click the Settings link.
  9. Define the encryption settings:
    1. If you want to use hardware encryption, enable the Hardware encryption toggle switch. If this toggle switch is disabled, software encryption is used.

      Hardware encryption lets you increase the speed of encryption and use fewer computer resources.

    2. If you want to enable authentication by using Trusted Platform Module (TPM), enable the Authentication by using Trusted Platform Module (TPM) toggle switch.
    3. If you enabled the Authentication by using Trusted Platform Module (TPM) option during the previous step, click the Settings link below the Authentication by using Trusted Platform Module (TPM) section.

      The Trusted Platform Module (TPM) authentication settings window opens.

    4. If you want to set a PIN code that will be requested when the user attempts to gain access to an encryption key, enable the Use PIN where available option. In the Minimum PIN length (digits) field, you can specify the minimum number of digits that a PIN code must contain.

      A PIN code will be used to gain access to encryption keys that are stored in TPM, if TPM is available on the device.

    5. If you want to have access to encryption keys if TPM is not available on the device, enable the Authorization by using password option. In the Minimum password length (characters) field, you can specify the minimum number of characters that a password must contain.

      Access to encryption keys will be protected by a password.

      On devices running Windows 7 and Windows Server 2008 R2, only encryption that uses TPM is available. If the TPM module is not installed on such devices, they cannot be encrypted. Using a password is not supported on such devices.

    6. If you want to enable BitLocker authentication in the preboot environment on tablet computers, enable the Enable the use of BitLocker authentication on Windows tablets toggle switch.

      The touchscreen of tablet computers is not available in the preboot environment. To complete BitLocker authentication on tablet computers, the user must, for example, connect a USB keyboard.

  10. Click the Save button.

The specified encryption settings are saved.

The encryption and decryption of devices may take a long time. You can use the Encryption status of devices report to see the current encryption status.
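
To confirm on an individual device that the saved settings took effect, the local BitLocker state can be compared with the profile. The following is an added example, not part of the Kaspersky documentation: it uses the built-in Windows cmdlets Get-BitLockerVolume and Get-Tpm, and the function name and its parameters are hypothetical stand-ins for the profile toggles. It assumes the Authorization by using password option is enabled for devices without TPM.

```powershell
# Added example: run in an elevated PowerShell session on the managed device.
# Get-BitLockerVolume and Get-Tpm are built-in Windows cmdlets; the function name
# and its parameters are hypothetical and only mirror the profile toggles above.
function Test-ProfileEncryptionState {
    param(
        [bool]$ExpectPin      = $true,   # "Use PIN where available" is enabled
        [bool]$ExpectHardware = $false,  # "Hardware encryption" toggle state
        [string]$MountPoint   = $env:SystemDrive
    )
    $vol        = Get-BitLockerVolume -MountPoint $MountPoint
    $protectors = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    $tpmPresent = (Get-Tpm).TpmPresent
    $findings   = @()

    # Encryption can take a long time, so report progress rather than just pass/fail.
    if ([string]$vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Volume is $($vol.VolumeStatus), $($vol.EncryptionPercentage)% encrypted"
    }
    if ([string]$vol.ProtectionStatus -ne 'On') {
        $findings += 'Protection is not on (suspended or not yet enabled)'
    }
    # Hardware toggle: BitLocker reports HardwareEncryption only when the drive does the work.
    $isHardware = ([string]$vol.EncryptionMethod -eq 'HardwareEncryption')
    if ($ExpectHardware -ne $isHardware) {
        $findings += "Encryption method is $($vol.EncryptionMethod)"
    }
    # With a TPM the profile asks for a PIN; without one, a password protects the keys
    # (assumption: "Authorization by using password" is enabled in the profile).
    if ($tpmPresent -and $ExpectPin -and ($protectors -notcontains 'TpmPin')) {
        $findings += 'TPM present but no TpmPin protector (TPM-only unlock needs no user secret)'
    }
    if (-not $tpmPresent -and ($protectors -notcontains 'Password')) {
        $findings += 'No TPM and no Password protector'
    }
    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        Method     = [string]$vol.EncryptionMethod
        Protectors = $protectors -join ', '
        TpmPresent = $tpmPresent
        Compliant  = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

Test-ProfileEncryptionState | Format-List
```

The BitLocker PowerShell module is not present on Windows 7 or Windows Server 2008 R2, so this check applies only to later Windows versions.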

See also:

Recovering access to an encrypted device
