Configuring encryption of Windows devices

17 May 2024

ID 154682

After you have enabled encryption in several security profiles simultaneously, you can edit the encryption settings in each security profile separately, as described in this section.

To edit encryption of devices running Windows:

  1. Open Kaspersky Endpoint Security Cloud Management Console.
  2. Select the Security management → Security profiles section.

    The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.

  3. In the list, select the security profile for the devices on which you want to configure encryption.
  4. Click the link with the profile name to open the security profile properties window.

    The security profile properties window displays settings available for all devices.

  5. In the Windows group, select the Management settings → Encryption section.
  6. Do either of the following:
    • To encrypt your users' devices, select the Enable encryption option.
    • To decrypt your users' devices, select the Disable encryption option.
  7. Click the Settings link.
  8. Define the encryption settings:
    1. If you want to use hardware encryption, switch on the Hardware encryption toggle button. If this toggle button is switched off, software encryption is used.

      Hardware encryption lets you increase the speed of encryption and use fewer computer resources.

    2. If you want to enable authentication by using Trusted Platform Module (TPM), switch on the Authentication by using Trusted Platform Module (TPM) toggle button.
    3. If you enabled the Authentication by using Trusted Platform Module (TPM) option during the previous step, click the Settings link under the Authentication by using Trusted Platform Module (TPM) section.

      The Trusted Platform Module (TPM) authentication settings window opens.

    4. If you want to set a PIN code that will be requested when the user attempts to gain access to an encryption key, enable the Use PIN where available option. In the Minimum PIN length (digits) field, you can specify the minimum number of digits that a PIN code must contain.

      A PIN code will be used to gain access to encryption keys that are stored in TPM, if TPM is available on the device.

    5. If you want encryption keys to remain accessible when TPM is not available on the device, enable the Authorization by using password option. In the Minimum password length (characters) field, you can specify the minimum number of characters that a password must contain.

      Access to encryption keys will be protected by a password.

      On devices running Windows 7 and Windows Server 2008 R2, only encryption that uses TPM is available. If the TPM module is not installed on such devices, they cannot be encrypted. Using a password is not supported on such devices.

    6. If you want to enable BitLocker authentication in the preboot environment on tablet computers, switch on the Enable the use of BitLocker authentication on Windows tablets toggle button.

      The touchscreen of tablet computers is not available in the preboot environment. To complete BitLocker authentication on tablet computers, the user must, for example, connect a USB keyboard.

  9. Click the Save button.

The specified encryption settings are saved.

The encryption and decryption of devices may take a long time. You can use the Encryption status of devices report to see the current encryption status.
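
To spot-check a single device against the profile settings above, the following PowerShell can be run locally in an elevated session. It is an added example, not part of the vendor documentation; it assumes the profile is enforced through BitLocker and that the BitLocker PowerShell module is present (Windows 8 / Windows Server 2012 and later). The function name Get-EncryptionPosture and its switches are hypothetical.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules BitLocker
# Added example, not vendor code. Assumes the profile is enforced through
# BitLocker. Get-EncryptionPosture and its switches are hypothetical names.

function Get-EncryptionPosture {
    param(
        [switch]$ExpectPin,       # profile has "Use PIN where available" enabled
        [switch]$ExpectHardware   # profile has "Hardware encryption" switched on
    )
    foreach ($vol in Get-BitLockerVolume) {
        # Protector types on the volume: Tpm, TpmPin, Password, RecoveryPassword, ...
        $types  = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $method = $vol.EncryptionMethod.ToString()
        $isOs   = $vol.VolumeType.ToString() -eq 'OperatingSystem'

        # Map the protectors to the authentication options in the profile.
        $auth = 'None'
        if ($types -contains 'TpmPin') { $auth = 'TPM + PIN' }
        elseif ($types -contains 'Tpm') { $auth = 'TPM only' }
        elseif ($types -contains 'Password') { $auth = 'Password' }

        # Collect deviations from what the profile is expected to produce.
        $findings = @()
        if ($vol.ProtectionStatus.ToString() -ne 'On') {
            $findings += 'protection is off or suspended'
        }
        if ($vol.VolumeStatus.ToString() -ne 'FullyEncrypted') {
            $findings += "status is $($vol.VolumeStatus) ($($vol.EncryptionPercentage)%)"
        }
        if ($ExpectPin -and $isOs -and $auth -eq 'TPM only') {
            $findings += 'TPM protector present but no PIN protector'
        }
        if ($ExpectHardware -and $method -ne 'HardwareEncryption') {
            $findings += "software encryption in use ($method)"
        }

        [pscustomobject]@{
            MountPoint     = $vol.MountPoint
            VolumeType     = $vol.VolumeType
            Method         = $method
            Authentication = $auth
            RecoveryKey    = ($types -contains 'RecoveryPassword')
            Findings       = ($findings -join '; ')
        }
    }
}

Get-EncryptionPosture -ExpectPin | Format-List
```

An empty Findings field means the volume is fully encrypted, protection is active, and the protectors match the switches passed.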

See also:

Recovering access to an encrypted device
