When logged in to Central > Encryption > Computers, there is a field for "Device Encryption" which shows whether any given computer is encrypted or not.

This field details the 3 outcomes : Not Available (agent not deployed), Not Encrypted (agent deployed, encryption not started) and Encrypted (agent deployed, policy accepted, encrypted).

However there is no way of filtering these. What would be really useful is the ability to show just the machines which are not encrypted as these have the agent but have not been protected so something has gone wrong with the software or the plan. Trying to find these by looking down the list is not practical when a customer has more than about 50 Endpoints.

This feature request is originated by a customer, please contact me if you want more detail on who.

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption

It is possible, that SafeGuard (or Central) Policies collide with Bitlocker GPO without recognizing it.
It might be confusing to separate SGN local cache values with Bitlocker registry-entries.

A simple Client tool should match HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE with die LC-Policies and create a *.xml into %ALLUSERSPROFILE%\Utimaco\SafeGuard Enterprise\

In this folder the log is automatically gathered by the SDU without changing and can be used even on older SG-versions.

The shortly described values should be matched as a simple "match"/"mismatch"/"not configured" to easily see possible configuration errors.

The tool is independent from the client itself and can be distributed by KBA and/or future client releases.

Didn't catch this lack of support of a basic Windows feature until launching our wide rollout to the hospital PCs. Disabling U.S. might be fine in enterprise large office environments where a cube-dweller uses their dedicated PC for an 8 hour shift. But your product strangles a feature that's ingrained in smaller medical / industrial / retail PC usage. Without U.S. ability, using SafeGuard means a nurse has to close their apps (usually an EMR, Radiology, Lab reports web-view, security system monitor, etc.) and log out completely every time she has to leave the station to bring a new mother a cup of ice water and check baby or go on a quick break, in case another provider has to use the PC at that station to enter vitals they just collected. So the lack of this basic feature support (whether it's fashionable to use in the large enterprises or not) makes it completely unsuitable for the way many organizations actually use their devices. Do you have any intention of ever supporting it?

Hi,

I have a couple of feature request that should be consired implemented in the future with more and more customers embracing encryption on the fly.

Feature request:

1. Customisable HTMLWrapper template
More customers is requesting changing the logo on the template for the HTML5 wrapper. I looked trough the code to see if I could modify this myself, but the images/logos was hardcoded and a would rather not change anything in the code for security reasons.

2. The possibility to launch and decrypt the HTML5 wrapper from smartphones and tablets. I know this not a missing feature from sophos but missing compliability by the browse of the mobile devices. Any news?

3. Are you working on, or have considered the possibility to password protect the dokument before encrypting it with the same password. This would leave the document password protected at the user end when exchanging data. I have had a lot of request lately for this because the company is concerned about loss of image if the unprotected document is left in the wild.

3. The possibility to encrypt multiple files and choosing which ones to encrypt when exchanging data by outlook and the plugin. And idea could be to make a drag and drop interface with documents that you want wrapped in the top and unprotected attachments below.

An example:
This would make the companies able to send out two HTML5 wrapped and encrypted documents along with two unprotected ones.

I want to be able to use the Data loss prevention feature in Sophos Cloud Enpoint Protection.

Problem is, we are unable to use it as when enabled, it also blocks us uploading files to our internal intranet sites via IE. I can see no way of setting destination exclusions for the data loss prevention feature. Which basically truns a potentially amazing feature into an unusable technical tease.

My suggestion is to add destination exclusions to the Data Loss Prenetion Policy. It should allow file transfer exclusions for internal addresses and allow manual destination exclusions. i.e. Blocks transfers via WeTransfer but will allow Dropbox, etc by policy.