Enforce Full Disk Encryption (FDE) for Mac & Windows

Written by Zach DeMeyer on November 28, 2018

Share This Article

Over the last two decades, full disk encryption (FDE) has evolved from a little-known security feature to an expected industry standard in system security. In order to enforce FDE across an enterprise and do it efficiently, IT has turned to a variety of third-party tools. But while many of these are adequate FDE management solutions to enforce at scale, they’ve all been exclusively for either Mac® or Windows®. For organizations that leverage both, is it possible to enforce full disk encryption for Mac and Windows?

FDE for Mac or Windows

FDE for Mac and Windows machines

If you’re managing an all Windows environment, then you almost certainly have Microsoft® Active Directory® (AD) as your identity provider. AD comes with about a ton of policies, including ones that control BitLocker, the associated Windows FDE software. Note, even with AD, you’ll need add-ons to manage the recovery keys for BitLocker, which is a critical component of the process of managing FDE.

But chances are, even if you’re a Windows-centric environment, you’ve got a few rogue users out there roaming the hallways with their Macbook® Airs. Not surprisingly, Microsoft AD isn’t known for its seamless management of Apple® devices.

The same is true on the other side of the coin. There are boutique, Mac management platforms that cater specifically to the Mac admin. But none of these are even trying to be a full-on directory service, like Active Directory. Certainly, none of them are taking on Windows management. Additionally, there are only a few solutions that manage FileVault 2, Mac’s FDE suite.

Add in apps, networks, and infrastructure, and IT has been forced to handle an increasingly disparate environment with an increasingly disparate set of tools. Admins are resourceful. Admins adapt and get it done. But admins can’t deny: this approach doesn’t scale. You can’t just keep adding band-aids and expect the end result to be surgical.

Unifying FDE Management for Mac & Windows

Cloud Directory Services

For years, there wasn’t an FDE management solution that could bridge the cross-OS gap. That is no longer the case now that JumpCloud® has added policies for both FileVault (Mac) and BitLocker (Windows). Admins looking for a unified FDE tool that’s compatible with Mac & Windows can now have that in JumpCloud Directory-as-a-Service®—along with an assortment of other security policies, such as the ability to disable USB drives.

If system security is a priority for you and you like the idea of robust Windows and Mac management from a unified, web-based console, then you should consider JumpCloud. You can now request a technical demo of JumpCloud or get started with access to the full Directory-as-a-Service platform (free to use up until ten users).

Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.

Continue Learning with our Newsletter