Client Hardware Requirements

The minimum hardware requirements for client computers to run the Endpoint Security Package with the BitLocker Management Full Disk Encryption option are:

• 2 GB RAM.
• 2GB free disk space.
• Trusted Platform Module (TPM) chip.
  • TPM 2.0 requires UEFI
  • Legacy BIOS mode requires TPM 1.2

See Microsoft's page for BitLocker System Requirements.

Defining the Management Policy for Bitlocker

The E82.20 version of BitLocker Management.

1. Bitlocker Management is part of the Full Disk Encryption Blade. Therefore prior to installing anything on the client the Full Disk Encryption Blade policy should be defined to use BitLocker Management, if this is the desired mode of operation.

   

2. The action inside.

   

3. Switch the action to use BitLocker Management.

   

4. The message pop up. Click Yes if you wish to continue.

   Important: Be aware that all endpoints that the policy is assigned to will use BitLocker Management. If Check Point Full Disk Encryption (classic) is installed and encrypted on any of the endpoints receiving the policy a crossgrade will be initiated, see below sections for details on crossgrade.

   

5. Only two actions remain visible for the Full Disk Encryption settings for the Entire Organization.

   

6. Editing the BitLocker Management policy.
   1. Select to encrypt either the entire driver or only data. On fresh Windows installations, used disk space only is recommended. On machines that have been in production and already have user data, such as documents and emails, the entire drive should be selected.
   2. Choose whether to encrypt all drives and volumes or to encrypt the OS drive (usually C:\) only.
   3. Select the algorithm. Selecting Windows Default is recommended and will use XTS-AES-128 on Windows 10 1507 or later. Selecting Windows default also enables the BitLocker Management to leave any existing encryption on the disk in its current state.

   

On the Client side, the tray screen shows BitLocker.