Manage Keys and Encrypt Machines with DriveStrike

Windows BitLocker Encryption

Windows BitLocker Encryption is easy to set up with DriveStrike, and it is a simple and effective way to encrypt and protect your fleet of Windows machines. Below you will find some information and instructions to help you get a good idea of how DriveStrike enables you to configure BitLocker integration and keep devices secure, all from one central console.

Start a free trial to start encrypting your Windows machines and managing keys through DriveStrike, and feel free to contact us if you have questions or need any help. If you have a large number of machines, check out our Windows Mass Deployment guide for setting up DriveStrike.

DriveStrike Encryption

Encrypt on Command

To enable BitLocker on a machine, simply click on that device and select “Encrypt” from your available actions in the top right of the device page. As long as BitLocker is supported on the device, the encryption process will begin immediately.

DriveStrike Key Management

Escrow Keys

DriveStrike retains a copy of the recovery key file for all machines that have BitLocker enabled through DriveStrike. This ensures that administrators have an encryption key to unlock encrypted data when needed.

DriveStrike Remote Lock

Rotate Keys & Lock

When a key rotation occurs, DriveStrike creates new BitLocker keys and deletes its previous keys, and triggers a reboot. You will need to use one of the newly-created keys shown on the Device page to allow the computer to continue booting.

DriveStrike BitLocker Persistence

Persist BitLocker

DriveStrike administrators have the option to persist BitLocker, which means that even if administrative user disables BitLocker on their machine, DriveStrike will automatically re-enable BitLocker.

Start Your Free 30 Day Trial

Each day brings new data security challenges, so your organization needs simple and wide-reaching solutions to combat those challenges. DriveStrike is here to help you protect your most critical data with premium quality endpoint security. Start a free trial with DriveStrike today, and contact us if you need any assistance. Our team is always ready to answer your questions.

Encrypt Windows devices you manage

BitLocker Integration: An Overview

With DriveStrike’s Windows BitLocker integration, deploying and enabling whole drive encryption has never been easier. DriveStrike provides added data security at no additional cost while easing the deployment and management of encryption keys. DriveStrike supports BitLocker deployment and encryption for Trusted Platform Module (TPM) devices as well as older, non-compliant hardware.


DriveStrike for Windows

Windows Remote Encryption Pre-requisites:

  • Windows 8 or 10 with a valid BitLocker license.
  • BitLocker is available on Windows Pro, Ultimate, Enterprise, and Education editions.

DriveStrike will confirm BitLocker availability upon device registration, and display “Enable” in the DriveStrike Device Details page for supported devices.


Selecting “Enable” on the DriveStrike Device Details page encrypts all your physical internal hard drives and escrows a recovery start up key file that can be used to boot the machine and access the encrypted data. DriveStrike reports the progress of drive encryption in the Details section of the Device page.

Devices that are encrypted will be noted in the Dashboard with the following icon: DriveStrike-Encryption-Icon


Encrypt a Windows Device in 3 Easy Steps:

1. Log In to DriveStrike

When you log in to your account, your Dashboard will show you all the devices you manage at a glance. You can search for the device if you manage a large number of devices.

2. Click on the Device

On the Device Page, you will see information about the device, available actions, and a history of actions. You can also see a map showing the last known location of the device.

3. Click “Enable”

DriveStrike will encrypt the device’s hard drive and escrow keys. A link to download the recovery key for each encrypted drive is displayed in the Device Details section.


Start Your Free 30 Day Trial

Each day brings new data security challenges, so your organization needs simple and wide-reaching solutions to combat those challenges. DriveStrike is here to help you protect your most critical data with premium quality endpoint security. Start a free trial with DriveStrike today, and contact us if you need any assistance. Our team is always ready to answer your questions.

TPM and Non-TPM Machines supported

DriveStrike Features for Windows Encryption

Using BitLocker with TPM Machines

If your machine supports TPM (most newer hardware does) you will not be asked to enter a passcode or provide an external key to boot the machine. Essentially, the Windows user login and general experience remains unchanged, but the data is secure and protected from unauthorized access. If you want to learn more about TPM and how the TPM security model was built to minimize user annoyance while improving security, please visit Windows Trusted Platform Module Technology Overview.

DriveStrike-Windows

Using BitLocker with Non-TPM Machines

If your machine does not support TPM, DriveStrike will require that you provide a passphrase that will be used to encrypt the data on the machine. This passphrase is required to boot the machine from this point forward until BitLocker is disabled.

The passphrase option and TPM are mutually exclusive, so if your machine has a TPM, you will not be able to set a passphrase, and if it does not have a TPM, you will need to set a passphrase.


Additional Features

Escrowed Recovery Key – DriveStrike retains a copy of the recovery key file for all machines that have BitLocker enabled through DriveStrike. This ensures that administrators have an encryption key to unlock encrypted data when needed. A link to download the recovery key for each encrypted drive is displayed in the Device Details section within DriveStrike.
Stored Passphrase – When a passphrase is used to encrypt data, DriveStrike stores and displays the passphrase next to the associated drive within the Device Details section.
Additional Lock Option – Administrators can optionally force recovery mode through DriveStrike Remote Lock. Forced recovery mode removes the TPM key and requires a passphrase or an external key file to boot the machine and access the encrypted data. Downloading the DriveStrike escrowed key to the root of a USB drive prepares the USB to be used at boot to unlock the machine.
Change Encryption Key – Administrators can change the passphrase or recovery key for any drive. This allows Administrators to securely lock out insiders while retaining access to the data on the machine (assuming the physical hardware is not destroyed).
Disable Encryption – Administrators can remotely disable encryption for the physical drives on the machine.

Implementation

Implementing our solution is easy. DriveStrike can be installed a number of ways:

  • Email invitations to recipients and they can simply click on a link and follow instructions.
  • Use Mass Deployment software with group policies or other over-the-air push technology.
  • Install individually on devices.
  • Leverage a remote desktop solution to remotely install on each of your devices.

Once DriveStrike is installed, simply navigate from the Dashboard to the device in question and review the Device Details for the information you need. Start a free trial to begin protecting your devices, or contact us if you have any questions. We would be happy to help you get started protecting your devices with DriveStrike.
Best Remote Encryption

DriveStrike – Data Breach Protection

Respond to cybersecurity threats and encrypt Windows devices. Start a free trial today to find out if DriveStrike is the premium security solution your business has been looking for.

Use in the Enterprise

Remotely managing encryption keys for your fleet of Windows machines is an important part of effective mobile device management. We are committed to help you achieve your data protection goals and secure your digital assets on demand. Know the encryption status of every asset and have the power to enable BitLocker remotely. You know the demands on your business. We are here to help you manage risk while empowering your team to optimize fleet resources.

Use in Small Businesses

The demands on small businesses to keep track of employees’ laptops, smartphones, tablets, and other devices is growing every day. How do you ensure data security, customer information privacy, and minimize your risk while effectively serving your customers? With DriveStrike you can encrypt any Windows machine compatible with BitLocker, and manage encryption keys from your Dashboard. Know which devices have BitLocker enabled, and persist BitLocker to keep devices secure even when users have administrative privileges.

Personal Uses for Windows Encryption

Encryption is a strong security measure that can help you protect data on your personal laptop. Windows provides an option called Device Encryption, which is a helpful alternative to BitLocker if you do not have one of the Windows editions that BitLocker works with. If you need to encrypt your personal Windows device, you can either upgrade to Windows Pro and enable BitLocker, or use the Device Encryption capability included in Windows 10 Home.

DriveStrike-Remote-Locate

More Features For Further Protection…


Start Your Free 30 Day Trial

Each day brings new data security challenges, so your organization needs simple and wide-reaching solutions to combat those challenges. DriveStrike is here to help you protect your most critical data with premium quality endpoint security. Start a free trial with DriveStrike today, and contact us if you need any assistance. Our team is always ready to answer your questions.