Disk encryption policy and recovery key storage with Primo

The disk encryption policy outlines how Primo manages encryption using FileVault for macOS and BitLocker for Windows, and the complexities involved with Linux. It also emphasizes the importance of recovery keys for data access and the actions needed to store them securely.

Disk encryption is an essential security measure to protect data in case of device loss or theft.

How it works by OS

macOS

  • On macOS, encryption is handled by FileVault. Primo automatically activates FileVault during MDM installation.

Windows

  • On Windows, Primo uses BitLocker for encryption. Activation also occurs automatically after MDM installation.

Linux

  • Linux devices are tricky to encrypt, as encryption may sometimes require erasing the hard drive and setting up an operating system from scratch.

Encryption delay and required actions

The encryption delay after MDM installation may vary depending on the disk size and device power.

  • On Windows, encryption doesn't require a restart and happens on its own.
  • On macOS, encryption takes effect at the next device restart.

Recovery keys

Recovery keys are essential for accessing data when the main password is forgotten, for example when an employee forgets their password.

Primo automatically retrieves and stores recovery keys during the encryption process. They are stored at the device level in the My Fleet tab.

👉 Recovery keys are only stored in Primo if encryption is active in your MDM security policies > Profiles tab.

Actions required to ensure key storage:

  • On Windows, the key is automatically stored as soon as encryption begins.
  • On macOS, the key is stored at the restart that activates encryption, or at the next restart if the Mac was already encrypted.
