Bitlocker Sophos



Open ThisPC right click on the encrypted drive select Manage BitLocker Select Turn Of BitLocker and Decrypt process will start. For Windows 7 Click the Windows icon and enter the ‘bitlocker’ search box and select BitLocker Drive Encryption. Next select Turn Of BitLocker to Decrypt drive. Bitlocker recovery is triggered by specific events outlined on this Microsoft article. FileVault recovery allows retrieval of Filevault-encrypted data when a user can't remember their Mac login password. The following sections are covered: Applies to the following Sophos products and versions. Note: This knowledge base article is intended to be used with the Sophos Endpoint Self Help tool found in Sophos Central Windows Endpoints only. This article is linked from the Sophos Endpoint Self Help (ESH) tool and provides troubleshooting steps when the utility reports issues with the Device Encryption status. The SafeGuard Enterprise BitLocker Challenge/Response Client relies on the recovery tools partition to backup encrypted recovery data. If backing up the encrypted recovery data fails, the SafeGuard Client will not start the encryption of the machine due to recovery / security reasons. Applies to the following Sophos products and versions.

Bitlocker

Sophos Central Device Encryption lets you centrally manage Windows BitLocker and macOS FileVault native device encryption. With Sophos Central’s web-based management, there is no server to deploy and no need to configure back-end key servers. You can deploy and start securing data in minutes. For existing Sophos Central.

You can find encryption recovery keys.

Bitlocker sophos windows 10

You can get a device encryption recovery key by entering a volume or recovery identifier.

Sophos safeguard bitlocker pinBitlocker

Retrieve recovery key (Windows computers)

If users are unable to log in to their encrypted computer, you can get a recovery key which is used to unlock the computer. There is a recovery key for each volume of a BitLocker protected computer. It is created and backed up in Sophos Central before the computer is encrypted.

Note When Sophos Device Encryption is installed, existing BitLocker recovery keys are replaced automatically and can no longer be used.
Note Even if a policy has been disabled and the computer's Device Encryption status is shown as 'Unmanaged', you can get a recovery key if one is available.

To get the recovery key, go to Computers, select the computer you want to recover, and click More > Retrieve Recovery Key. If you cannot find the computer in the list, you need the recovery key identifier or the volume identifier and use it in the recovery wizard, as follows:

  1. Tell the user to restart the computer and press the Esc key in the BitLocker logon screen.
  2. Ask the user to provide you with the information displayed in the BitLocker recovery screen.
  3. In Sophos Central, go to Computers and click More > Retrieve Recovery Key.
  4. Enter at least five characters of the recovery key identifier or the volume identifier provided by the user.
  5. Click Show Key to display the recovery key.
    Note If you enter a volume identifier, Sophos Central displays all available recovery keys for this volume. The latest recovery key is the top one.
  6. Make sure that the user is authorized to access the encrypted device before you provide the recovery key.
    Note As soon as a recovery key is displayed to you as administrator, it is marked as used and will be replaced at the next synchronization.
  7. Give the recovery key to the user.

The user can now unlock the computer. Users of computers running Windows 8 or later are prompted to create a new PIN or password. Instructions for creating the PIN or password are displayed automatically.

After the computer has been recovered, a new recovery key will be created and backed up in Sophos Central. The old one will be deleted from the computer.

Retrieve recovery key (Macs)

If users forget their login password, you can get a recovery key which is used to unlock the computer.

To get the recovery key, go to Computers, select the computer you want to recover, and click More > Retrieve Recovery Key. If you cannot find the computer in the list, you need the recovery key identifier or the volume identifier and use it in the recovery wizard, as follows:

  1. Tell the user to switch on their computer and wait until the Recovery Key ID is displayed.
    Note The recovery key ID is displayed for a short time. To display it again, users must restart their computer.
  2. Ask the user to tell you the Recovery Key ID.
  3. In Sophos Central, go to Computers and click More > Retrieve Recovery Key.
  4. Enter at least five characters of the recovery key identifier.
  5. Click Show Key to display the recovery key.
  6. Make sure that the user is authorized to access the encrypted device before you provide the recovery key.
  7. Give the recovery key to the user.
    • For users imported from Active Directory, continue to step 8.
    • For all other users, go straight to step 10.
  8. Reset the existing password in Active Directory. Then generate a preliminary password and give it to the user.
  9. Tell the user to click Cancel in the Reset Password dialog and enter the preliminary password instead.
  10. Tell the user to do as follows:
    • Create a new password.
    • Click Create New Keychain if prompted.

The user can access the computer again.

Sophos Bitlocker Recovery

Bitlocker

Bitlocker Sophos Free

No new recovery key is created. The existing recovery key remains valid.