JumpCloud Office Hours: Join our experts every Friday to talk shop. Register today

Enforce Full Disk Encryption (FDE) for Mac & Windows



Over the last two decades, full disk encryption (FDE) has evolved from a little-known security feature to an expected industry standard in system security. In order to enforce FDE across an enterprise and do it efficiently, IT has turned to a variety of third-party tools. But while many of these are adequate FDE management solutions to enforce at scale, they’ve all been exclusively for either Mac® or Windows®. For organizations that leverage both, is it possible to enforce full disk encryption for Mac and Windows?

FDE for Mac or Windows

FDE for Mac and Windows machines

If you’re managing an all Windows environment, then you almost certainly have Microsoft® Active Directory® (AD) as your identity provider. AD comes with about a ton of policies, including ones that control BitLocker, the associated Windows FDE software. Note, even with AD, you’ll need add-ons to manage the recovery keys for BitLocker, which is a critical component of the process of managing FDE.

But chances are, even if you’re a Windows-centric environment, you’ve got a few rogue users out there roaming the hallways with their Macbook® Airs. Not surprisingly, Microsoft AD isn’t known for its seamless management of Apple® devices.

The same is true on the other side of the coin. There are boutique, Mac management platforms that cater specifically to the Mac admin. But none of these are even trying to be a full-on directory service, like Active Directory. Certainly, none of them are taking on Windows management. Additionally, there are only a few solutions that manage FileVault 2, Mac’s FDE suite.

Add in apps, networks, and infrastructure, and IT has been forced to handle an increasingly disparate environment with an increasingly disparate set of tools. Admins are resourceful. Admins adapt and get it done. But admins can’t deny: this approach doesn’t scale. You can’t just keep adding band-aids and expect the end result to be surgical.

Unifying FDE Management for Mac & Windows

Cloud Directory Services

For years, there wasn’t an FDE management solution that could bridge the cross-OS gap. That is no longer the case now that JumpCloud® has added policies for both FileVault (Mac) and BitLocker (Windows). Admins looking for a unified FDE tool that’s compatible with Mac & Windows can now have that in JumpCloud Directory-as-a-Service®—along with an assortment of other security policies, such as the ability to disable USB drives.

If system security is a priority for you and you like the idea of robust Windows and Mac management from a unified, web-based console, then you should consider JumpCloud. You can now request a technical demo of JumpCloud or get started with access to the full Directory-as-a-Service platform (free to use up until ten users).


Recent Posts
Samba file servers are a popular option when considering file storage. So IT admins are focusing on LDAP authentication for Samba file servers.

Blog

LDAP Authentication for Samba File Servers

Samba file servers are a popular option when considering file storage. So IT admins are focusing on LDAP authentication for Samba file servers.

Integrating AWS Client VPN into your IT environment is simple with the help of a cloud directory service. Try one here for free.

Blog

Integrating AWS Client VPN into Your IT Environment

Integrating AWS Client VPN into your IT environment is simple with the help of a cloud directory service. Try one here for free.

We’re launching JumpCloud University, a free education platform to help you get the most out of your directory. Try JumpCloud free today.

Blog

JumpCloud University: Our Approach to Education

We’re launching JumpCloud University, a free education platform to help you get the most out of your directory. Try JumpCloud free today.