For enhanced security, you can configure and apply disk encryption profiles to the disks of your Windows and Mac endpoints.
Cortex XDR provides full visibility into Windows and Mac endpoints that were encrypted using BitLocker and FileVault, respectively. Additionally, you can apply Cortex XDR disk encryption rules on the endpoints by creating disk encryption rules and policies that leverage the BitLocker and FileVault capabilities of the operating system.
Before you start applying disk encryption policy rules, ensure you meet the following requirements and review these known limitations:
Requirement / Limitation
- Disk Encryption Scope: You can enforce Cortex XDR disk encryption policy rules only on the Operating System volume.
- Group Policy configuration:
Follow this high-level workflow to deploy Cortex XDR disk encryption in your network:
Monitor the Endpoint Encryption Status in Cortex XDR
You can monitor the Encryption Status of an endpoint in the Disk Encryption Visibility table. For each endpoint, the table lists both system and custom drives that were encrypted.
Disk Encryption Visibility
The following table describes both the default and additional optional fields that you can view in the Disk Encryption Visibility table per endpoint. The fields are in alphabetical order.
The endpoint encryption status can be:
- Unique ID assigned by Cortex XDR that identifies the endpoint.
- Hostname of the endpoint.
- The status of the endpoint. For more details, see View Details About an Endpoint.
- Last known IPv4 or IPv6 address of the endpoint.
- Date and time of the last change in the agent's status. For more details, see View Details About an Endpoint.
- The MAC address of the endpoint.
- The platform running on the endpoint.
- Name of the operating system version running on the endpoint.
- Lists all the disks on the endpoint along with the per-volume status (for example, Encrypted). For Windows endpoints, Cortex XDR also includes the encryption method.
You can also monitor the endpoint Encryption Status in your Endpoint Administration table. If the Encryption Status column is missing from the table, add it.
Configure a Disk Encryption Profile
- Log in to Cortex XDR. Go to Endpoints > Policy Management > Extensions > Profiles and select + New Profile or Import from File. Choose the Platform and select Disk Encryption. Click Next.
- Fill in the general information for the new profile. Assign a name and an optional description to the profile.
- Enable disk encryption. To enable the Cortex XDR agent to apply disk encryption rules using the operating system's disk encryption capabilities, enable the Use disk encryption option.
- Configure Encryption details.
  - For Windows:
    - Encrypt or decrypt the system drives.
    - Encrypt the entire disk or only the used disk space.
  - For Mac: In line with the operating system requirements, when the Cortex XDR agent attempts to enforce an encryption profile on an endpoint, the endpoint user is required to enter the login password. Limit the number of login attempts to one or three. Otherwise, if you do not enforce a limit on login attempts, the user can continuously dismiss the operating system pop-up and the Cortex XDR agent will never encrypt the endpoint.
- (Windows only) Specify the Encryption methods per operating system. For each operating system (Windows 7, Windows 8-10, Windows 10 (1511) and above), select the encryption method from the corresponding list. You must select the same encryption method that the Microsoft Windows Group Policy in your organization configures for the target endpoints. Otherwise, if you select a different encryption method than the one already applied through the Windows Group Policy, Cortex XDR will display errors.
- (Mac only) Upload the FileVaultMaster certificate. To enable the Cortex XDR agent to encrypt your endpoint, or to help users who forgot their password decrypt the endpoint, you must upload the FileVaultMaster certificate / institutional recovery key (IRK) to Cortex XDR. Ensure the key is signed by a valid authority and upload a CER file only.
- Save your profile. When you're done, click Create to create your disk encryption profile.
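Because the profile's Windows encryption method must match the method set by Group Policy, it helps to check both values on a representative endpoint before creating the profile. The following PowerShell is an added example, not Cortex XDR or Microsoft code; it assumes the BitLocker PowerShell module is available and reads the documented policy values under HKLM\SOFTWARE\Policies\Microsoft\FVE.

```powershell
# Added example: compare the BitLocker method prescribed by Group Policy with the
# method actually in use on the OS volume, so the Disk Encryption profile can be
# set to the same value. Run in an elevated PowerShell session on the endpoint.

# Documented policy values for EncryptionMethod / EncryptionMethodWithXtsOs,
# expressed with the same names Get-BitLockerVolume reports.
$MethodNames = @{
    1 = 'Aes128Diffuser'; 2 = 'Aes256Diffuser'
    3 = 'Aes128';         4 = 'Aes256'
    6 = 'XtsAes128';      7 = 'XtsAes256'
}

function Get-GpoBitLockerMethod {
    $key   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }                 # no BitLocker GPO applied
    # Windows 10 1511+ reads EncryptionMethodWithXtsOs; older builds read EncryptionMethod.
    $value = $props.EncryptionMethodWithXtsOs
    if ($null -eq $value) { $value = $props.EncryptionMethod }
    if ($null -eq $value) { return $null }
    if ($MethodNames.ContainsKey([int]$value)) { return $MethodNames[[int]$value] }
    return "Unknown($value)"
}

function Test-OsVolumeMethodMatchesGpo {
    $gpo = Get-GpoBitLockerMethod
    $os  = Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' }
    if ($null -eq $os) { Write-Warning 'BitLocker reports no operating-system volume'; return $false }
    $actual = $os.EncryptionMethod.ToString()
    [pscustomobject]@{
        MountPoint       = $os.MountPoint
        VolumeStatus     = $os.VolumeStatus
        ProtectionStatus = $os.ProtectionStatus
        GpoMethod        = if ($gpo) { $gpo } else { '(none set)' }
        ActualMethod     = $actual
    } | Format-List | Out-String | Write-Host
    if ($null -eq $gpo) {
        Write-Warning 'Group Policy sets no encryption method; choose the profile method that matches ActualMethod'
        return $true
    }
    if ($actual -eq 'None') { Write-Host "Volume not yet encrypted; set the profile method to $gpo"; return $true }
    if ($actual -ne $gpo) {
        Write-Warning "Mismatch: Group Policy prescribes $gpo but the OS volume uses $actual; a profile that differs from the GPO will show errors in Cortex XDR"
        return $false
    }
    Write-Host "OK: OS volume already uses the Group Policy method ($gpo)"
    return $true
}

Test-OsVolumeMethodMatchesGpo
```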
Apply Disk Encryption Profile to Your Endpoints
After you define the required disk encryption profiles, configure Protection Policies and enforce them on your endpoints.
Cortex XDR applies Protection policies to endpoints from top to bottom, in the order you arranged them on the page. The first policy that matches the endpoint is applied. If no policies match, the default policy, which enables all communication to and from the endpoint, is applied.
- Log in to Cortex XDR. Go to Endpoints > Policy Management > Extensions > Policy Rules, and select + New Policy or Import from File. When importing a policy, select whether to enable the associated policy targets. Rules within the imported policy are managed as follows:
  - New rules are added to the top of the list.
  - Default rules override the default rule in the target tenant.
  - Rules without a defined target are disabled until a target is specified.
- Configure settings for the disk encryption policy.
  Alternatively, you can associate the disk encryption profile with an existing policy. Right-click the policy and select Edit. Select the Disk Encryption profile and click Next. If needed, you can edit other settings in the rule (such as target endpoints, description, and so on). When you're done, click Done.
- Assign a policy name and optional description. The platform will automatically be assigned to Windows.
- Assign the disk encryption profile you want to use in this rule.
- Select the target endpoints on which to enforce the policy. Use filters or manual endpoint selection to define the exact target endpoints of the policy rules. If it exists, the Group Name is filtered according to the groups within your defined user scope.
- Configure policy hierarchy. Drag and drop the policies in the desired order of execution.
- Save the policy hierarchy. After the policy is saved and applied to the agents, Cortex XDR enforces the disk encryption policies in your environment.
- Select one or more policies, right-click, and select Export Policies. You can choose to include the associated Policy Targets, Global Exceptions, and endpoint groups.