Secureframe Agent: Hard Drive Encryption Check

Hard Drive Encryption

Here are step-by-step instructions for setting up hard drive encryption on a device.


To enable device encryption, please complete the following instructions from Microsoft:

  1. Select Start > Settings > Privacy & security  > Device encryption.
  2. If Device encryption is turned off, turn it On.
  3. If Device encryption doesn't appear, it isn't available for your device.


In order to pass this check, FileVault must be enabled.

To enable Filevault (instructions from here):

  1. On your Mac, choose Apple menu  > System Settings, click Privacy & Security in the sidebar, then click FileVault on the right. (You may need to scroll down the right-side list.)
  2. Click Turn On. You might be asked to enter your password.
  3. Choose how to unlock your disk and reset your login password if you forget it:
    1. iCloud account: Click “Allow my iCloud account to unlock my disk” if you already use iCloud. Click “Set up my iCloud account to reset my password” if you don’t already use iCloud.
    2. Recovery key: Click “Create a recovery key and do not use my iCloud account.” Write down the recovery key and keep it in a safe place.
  4. Click Continue.


This checks for the following configurations for the hard drive:

  • The drive mounted as root needs to be encrypted. The encryption process will vary based on the flavor of Linux being used.
  • ZFS encryption is not currently supported because of a limitation in osquery.
  • *If your Linux device is not 'checking in' after restarting, please refer to this article.

Related to

Was this article helpful?

Have more questions? Submit a request



Article is closed for comments.