Application Programmer (Infrastructure and OA support) at a government with 11-50 employees
Real User
Apr 29, 2021
Beware to make backup of useful data, then use reverse decryption policy from Symantec panel/McAfee ePO to decrypt the DE partitions while it is sometimes more straightforward and faster to reinstall the machine(s) all over from scratch (especially for mechanical hard drives taking one day or two if being decrypted). For uninstallation of the McAfee Agent and Encryption modules, it is advisable to use the McAfeeEndpointProductRemoval tool for greater ease and GUI simplicity as compared to batch command lines. When using Bitlocker, make sure all your partitions per machine are encrypted respectively with reference to a single unlock password of C: drive and do keep an offline record of recovery key(s) for emergency purpose.
Your replacement is a smart move because Windows Bitlocker seldom or never requires any version control and product upgrades, but then it misses out the functionality of centralized control as in Symantec panel or ePO Orchestrator.
Search for a product comparison in Endpoint Encryption
Sr. Solutions Sales Executive - Commercial/Charity/Healthcare/SMB Individual Contributor at Hypertec Direct
Real User
Apr 29, 2021
From a licensing perspective, you will want to have management over BitLocker.
With PGP you have a management tool to manage the encryption, but you are using a non-native product to encrypt your devices and may slow the device down or create other management issues.
If you are in a regulated industry like Healthcare or just want more control over BitLocker, management is critical. BitLocker is native to the operating system and an individual can encrypt their machine but then the keys are not secure so you have less protection from regulators.
There are a few ways to manage BitLocker.
MBM or Microsoft BitLocker manager is part of some on-premise Microsoft licensing for Windows as well as Microsoft 365 Business Premium and Microsoft 365 E3/E5 (Not part of Office 365 E3/E5). With MBM your keys are encrypted and reporting will show that the device is encrypted or unencrypted if lost. That is very important with Healthcare Laptops, since a lost laptop can cost a healthcare organization $Millions depending on what the Healthcare Org can prove what was or was not on the laptop to the Federal Govt. "Office of Civil Rights"...
Sophos is another product that will manage BitLocker and encrypt the keys.
Trend Micro is another that will also manage BitLocker and encrypt the keys.
Microsoft BitLocker provides full-disk encryption, integrating seamlessly with Windows security features for enhanced data protection. Its deployment across diverse hardware ensures secure encryption, making it a reliable choice for businesses prioritizing data security.BitLocker offers robust disk encryption capabilities, appealing to organizations needing secure data protection. While it integrates well with System Center Configuration Manager and uses TPM for added security, areas like...
Beware to make backup of useful data, then use reverse decryption policy from Symantec panel/McAfee ePO to decrypt the DE partitions while it is sometimes more straightforward and faster to reinstall the machine(s) all over from scratch (especially for mechanical hard drives taking one day or two if being decrypted). For uninstallation of the McAfee Agent and Encryption modules, it is advisable to use the McAfeeEndpointProductRemoval tool for greater ease and GUI simplicity as compared to batch command lines. When using Bitlocker, make sure all your partitions per machine are encrypted respectively with reference to a single unlock password of C: drive and do keep an offline record of recovery key(s) for emergency purpose.
Your replacement is a smart move because Windows Bitlocker seldom or never requires any version control and product upgrades, but then it misses out the functionality of centralized control as in Symantec panel or ePO Orchestrator.
From a licensing perspective, you will want to have management over BitLocker.
With PGP you have a management tool to manage the encryption, but you are using a non-native product to encrypt your devices and may slow the device down or create other management issues.
If you are in a regulated industry like Healthcare or just want more control over BitLocker, management is critical. BitLocker is native to the operating system and an individual can encrypt their machine but then the keys are not secure so you have less protection from regulators.
There are a few ways to manage BitLocker.
MBM or Microsoft BitLocker manager is part of some on-premise Microsoft licensing for Windows as well as Microsoft 365 Business Premium and Microsoft 365 E3/E5 (Not part of Office 365 E3/E5). With MBM your keys are encrypted and reporting will show that the device is encrypted or unencrypted if lost. That is very important with Healthcare Laptops, since a lost laptop can cost a healthcare organization $Millions depending on what the Healthcare Org can prove what was or was not on the laptop to the Federal Govt. "Office of Civil Rights"...
Sophos is another product that will manage BitLocker and encrypt the keys.
Trend Micro is another that will also manage BitLocker and encrypt the keys.
Do a google search on "bitlocker hack"
Review some of the videos to see just how easy it is.