Full Disk Encryption options in SafeGuard 6.10 / 7.0

  • Article ID: 118945
  • Rating:
  • 5 customers rated this article 3.0 out of 6
  • Updated: 29 Mar 2016

Variants of Full Disk Encryption in SafeGuard 6.10 / 7.0

Applies to the following Sophos product(s) and version(s)
SafeGuard Device Encryption 7.0
SafeGuard BitLocker Client 7.0
SafeGuard BitLocker Client 6.10.0
SafeGuard  Device Encryption 6.10.0

Available options 

Depending on the operating system you are using, different volume-based encryption options (also known as full-disk-encryption options) are available.

  • Bitlocker C/R (optional addition to BitLocker on certain UEFI systems)

offers a SafeGuard Challenge/Response mechanism for BitLocker recovery (e.g. if a user forgets their PIN). In this case no one has access to the BitLocker recovery key, so this option is considered more secure than the standard BitLocker management. On the downside, disaster recovery options are limited.   

  • Bitlocker managed by SafeGuard 

is the module that enables and manages the BitLocker encryption engine and the BitLocker pre-boot authentication. All BitLocker recovery methods offered by Microsoft, which require the BitLocker recovery key, are possible.

  • SafeGuard Full Disk Encryption with POA

is the Sophos module for encrypting volumes on endpoints. It comes with a Sophos implemented pre-boot authentication named SafeGuard Power-on Authentication (POA) which support logon options like smartcard and fingerprint, and a Challenge/Response mechanism for recovery. We offer disaster recovery mechanisms (e.g. drive slaving, recovery using WinPE, etc.).

  • FileVault 2 managed by SafeGuard

is the module that enables and manages the FileVault 2 encryption engine and pre-boot authentication. All FileVault 2 recovery methods offered by Apple, which require the FileVault recovery key, are possible.


The table below shows which encryption modes version 6.10 and 7.0 are supporting according to your operating system:

OS BitLocker C/R* BitLocker
managed by SafeGuard * 
SafeGuard full disk encryption 
with Power on Authentication (POA)
 FileVault 2
managed by SafeGuard 
Windows 7 BIOS n/a 32bit, 64bit 32bit, 64bit n/a
Windows 7 UEFI 64bit 64bit n/a n/a
Windows 8, 8.1 BIOS n/a 32bit, 64bit n/a n/a
Windows 8, 8.1 UEFI 64bit 64bit n/a n/a
Windows 10 BIOS n/a 32bit, 64bit n/a n/a 
Windows 10 UEFI
64bit 64bit  n/a  n/a 
Mac OS X 10.8 n/a n/a n/a 64bit
Mac OS X 10.9 n/a n/a n/a 64bit
Mac OS X 10.10** n/a n/a  n/a  64bit 

* only available on the OS editions with BitLocker Support (Windows 7 Enterprise and Ultimate Edition, Windows 8/8.1 Pro and Enterprise Edition)

** Installations on OS X 10.10 require an updated installation package of the 6.10 client (version, which is available in the download area of Sophos.com as of 24th of October 2014 or SafeGuard version 7.

Related articles

Sophos SafeGuard Release Notes landing Page





If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent