Disk Encryption
Feature availability
| Operating Systems | WARP mode required | Zero Trust plans |
|---|---|---|
| macOS, Windows, Linux | WARP with Gateway | All plans |
The Disk Encryption device posture attribute ensures that disks are encrypted on a device.
To enable the Disk Encryption check:
- On the Zero Trust Dashboard, navigate to My Team > Devices > Device posture.
- Click +Add.
- Select Disk Encryption.
- Enter a descriptive name for the check.
- Select your operating system.
- Toggle on the Enable Disk Encryption switch.
- Click Save.
Your device posture attribute is now visible on the Device posture page.
How the Zero Trust client determines encryption
Each operating system reports disk encryption status differently. The following sections describe how the client determines disk encryption status on each system.
On macOS
- Open a terminal window.
- Run the `/usr/sbin/system_profiler SPStorageDataType` command to return a list of drives on the system and note the value of Mount Point.
- Run the `diskutil info` command for a specific Mount Point and look for the value returned for FileVault. It must show Yes for the disk to be considered encrypted.

```
% diskutil info /System/Volumes/Data | grep FileVault
FileVault: Yes
```
All disks on the system must be encrypted for the posture check to pass.
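The manual macOS steps above can be scripted to audit every mount point at once. This is an added example, not the Zero Trust client's own code; the `SYSTEM_PROFILER` and `DISKUTIL` override variables and the function names are made up for this example so the logic can be run against canned output.

```shell
#!/bin/sh
# Added example: automates the manual macOS check described above.
# SYSTEM_PROFILER and DISKUTIL are hypothetical override hooks for testing.
: "${SYSTEM_PROFILER:=/usr/sbin/system_profiler}"
: "${DISKUTIL:=diskutil}"

# Print every "Mount Point" value from SPStorageDataType, one per line.
list_mount_points() {
    "$SYSTEM_PROFILER" SPStorageDataType |
        sed -n 's/^[[:space:]]*Mount Point:[[:space:]]*//p'
}

# Print the FileVault value for one mount point ("Yes", "No", or empty
# when diskutil reports no FileVault line for that volume).
filevault_value() {
    "$DISKUTIL" info "$1" |
        sed -n 's/^[[:space:]]*FileVault:[[:space:]]*//p' | head -n 1
}

# Return 0 only if every mount point reports "FileVault: Yes".
# Each volume that does not is printed; 2 means no mount points were found.
check_all_encrypted() {
    rc=0
    mounts=$(list_mount_points)
    [ -n "$mounts" ] || { echo "no mount points found"; return 2; }
    # A here-document keeps the loop in the current shell, so rc survives,
    # and IFS= read -r preserves mount points that contain spaces.
    while IFS= read -r mp; do
        v=$(filevault_value "$mp")
        if [ "$v" != "Yes" ]; then
            echo "NOT ENCRYPTED: $mp (FileVault: ${v:-unknown})"
            rc=1
        fi
    done <<EOF
$mounts
EOF
    return $rc
}

# Run the audit only on macOS, where both tools exist.
if [ "$(uname -s)" = "Darwin" ]; then
    if check_all_encrypted; then echo "PASS"; else echo "FAIL"; fi
fi
```

A volume with no FileVault line is treated as unencrypted, which matches the rule that the value must show Yes.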
On Windows
- Open a PowerShell window.
- Run the `Get-BitLockerVolume` command to list all volumes detected on the system.
- Protection Status must be set to On.

All disks on the system must be encrypted for the posture check to pass.