Hard Drive encryption check
Written by Fabiola Munguia
Updated yesterday

Encrypting your computer’s hard drive is a vital step toward protecting sensitive data. It ensures that only authorized users can access the files stored on the device.

The Secfix Agent automatically checks whether all hard drives on an employee’s machine are encrypted. If even one hard drive remains unencrypted, the system flags the device as non-compliant (❌) under the HD ENCRYPTION column on the Computers page.


How to enable hard drive encryption

macOS: Enable FileVault

To encrypt your Mac hard drive, activate FileVault:

  1. Go to Apple Menu → System Preferences → Security & Privacy.

  2. Open the FileVault tab.

  3. Click the padlock icon (🔒) and enter an administrator username and password.

  4. Click Turn On FileVault to begin encryption.

💡 Encryption is enabled by default on devices equipped with the Apple T2 Security Chip.

Windows: Enable BitLocker or Device Encryption

For Windows 10 Pro and Windows 11 Pro users

  1. Sign in with an administrator account.

  2. In the search box, type Manage BitLocker and select it, or go to:

    Start → Control Panel → System and Security → BitLocker Drive Encryption

  3. Select Turn on BitLocker and follow the on-screen instructions.

For more details, follow this link.

For Windows 10 Home and Windows 11 Home users

BitLocker is not available on Home editions. However, Device Encryption is available and supported by the Secfix Agent. To enable Device Encryption:

  1. Open Settings → Update & Security → Device encryption

  2. Click Turn on to enable encryption.

If Device Encryption is not visible, your device may not support it. Check Troubleshooting: How to check if my Windows device supports encryption? and Troubleshooting: Activating encryption hardware on Windows (TPM) for assistance.


How to enable Linux HD encryption

Linux does not have a universal encryption method, but disk encryption is possible through various tools.

  • Encrypt home directories using the appropriate system tools.

  • Due to variability across Linux distributions, refer to your distro’s documentation.


Troubleshooting

How to check if my Windows device supports encryption?

To verify whether your Windows device supports BitLocker or Device Encryption, follow these steps:

  1. Open the Start menu.

  2. Type System Information in the search bar.

  3. Right-click the top result and select Run as administrator.

  4. In the left pane, click System Summary.

  5. Locate the field named Device Encryption Support.

    • If it states Meets prerequisites, your device supports encryption.

    • If it states anything else (e.g., “Reasons for failed automatic device encryption”), your device may not support it natively.

If encryption is not supported, you may need to contact your administrator or review your hardware settings, including the TPM configuration.

Activating encryption hardware on Windows (TPM)

Some manufacturers ship computers with the TPM (Trusted Platform Module) disabled by default. You can activate it using the following steps:

  1. Open the Settings menu.

  2. Navigate to Update & Security → Recovery.

  3. Under Advanced startup, click Restart now.

  4. In the blue screen menu:

    • Click Troubleshoot

    • Then select Advanced options

    • Choose UEFI Firmware Settings

    • Click Restart

  5. In the BIOS/UEFI menu:

    • Find the Security Settings

    • Enable the TPM (Trusted Platform Module) option

TPM settings vary by manufacturer. If you’re unsure where to find this setting, consult your device manufacturer’s support documentation.

Troubleshooting Linux HD encryption

Step 1: Retrieve a list of HD partitions and their properties

Run the following command to list all hard drive partitions and their encryption status:

sudo blkid

Look at the TYPE value reported for each partition in the output. If it shows crypto_LUKS or similar, the partition is encrypted.

Step 2: Identify encrypted partitions that are not detected by Secfix

To inspect the filesystem type for specific partitions, use:

lsblk /dev/sdX -o NAME,KNAME,FSTYPE,TYPE,MOUNTPOINT,SIZE

  • Replace /dev/sdX with the actual device name (e.g., /dev/sda)

  • The FSTYPE column will indicate encryption status (e.g., crypto_LUKS)

Step 3: Share outputs with Support

If you believe encrypted partitions are not being properly detected by Secfix:

  1. Save the outputs from both sudo blkid and lsblk commands as a .txt file.

  2. Send the file to Secfix Support via in-app chat for further analysis.
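The check from Steps 1 and 2, taken one step further as an added example (not Secfix's own code and not part of the original article): it reads `lsblk -P` output and, for every mounted filesystem, walks up the parent devices to see whether a crypto_LUKS layer sits underneath. The function names and the sample device layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: for each mounted filesystem, report whether a crypto_LUKS
# layer sits beneath it. Reads `lsblk -P` (KEY="value") output on stdin.
# Real use: lsblk -P -o KNAME,PKNAME,FSTYPE,MOUNTPOINT | luks_report
luks_report() {
  awk '
    # Extract the value of KEY="value" from the current line.
    function field(key,   s) {
      if (!match($0, "(^| )" key "=\"[^\"]*\"")) return ""
      s = substr($0, RSTART, RLENGTH)
      sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
      return s
    }
    {
      k = field("KNAME")
      if (k in parent) next          # assumption: one parent per device
      parent[k] = field("PKNAME"); fstype[k] = field("FSTYPE")
      mnt[k] = field("MOUNTPOINT"); order[++n] = k
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        if (mnt[k] == "") continue   # only mounted filesystems and swap
        status = "UNENCRYPTED"
        # Walk up: LV -> dm-crypt mapping -> partition -> disk.
        for (p = k; p != ""; p = parent[p])
          if (fstype[p] == "crypto_LUKS") { status = "encrypted"; break }
        print status, k, mnt[k]
      }
    }'
}

# Constructed sample: LVM on LUKS on sda2, plus a plain ext4 data disk.
sample_lsblk() {
  cat <<'EOF'
KNAME="sda" PKNAME="" FSTYPE="" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" FSTYPE="vfat" MOUNTPOINT="/boot/efi"
KNAME="sda2" PKNAME="sda" FSTYPE="crypto_LUKS" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda2" FSTYPE="LVM2_member" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" FSTYPE="ext4" MOUNTPOINT="/"
KNAME="dm-2" PKNAME="dm-0" FSTYPE="swap" MOUNTPOINT="[SWAP]"
KNAME="sdb" PKNAME="" FSTYPE="" MOUNTPOINT=""
KNAME="sdb1" PKNAME="sdb" FSTYPE="ext4" MOUNTPOINT="/data"
EOF
}

sample_lsblk | luks_report
```

An EFI system partition shows as UNENCRYPTED even on a fully encrypted install, since the firmware has to read it before any key is available.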
