Self-Service: How To Encrypt a Windows or macOS Computer
Modified on: Tue, 3 Sep 2024 1:48 PM
Introduction
This article is written for University of Alberta staff, faculty, or students who are utilizing personal devices to store university data. If you are a staff member who has enrolled a personal device into the University of Alberta's Work From Home Program, then you are required to encrypt your personal device and take additional security measures to secure your PC, as detailed here.
The University of Alberta requires that any portable device (laptop, MacBook, cell phone or tablet) that stores university-related data be encrypted. Encryption technologies scramble the data on the storage drive. This prevents a threat actor who gains unauthorized access to your device from reading sensitive data stored on the drive.
Please be advised that Information Services & Technology (IST) provides these guidelines to assist clients with safeguarding their personal computing devices; however, we do not provide any technical support or assistance for personal computers, even those registered in the Work From Home Program. Managing the encryption and access of a personal computer is the sole responsibility of the individual who owns the device in question.
If you have a computer provided by the University of Alberta or your department and you would like assistance with encryption, please contact IST at 780-492-8000 or log a ticket with us via our website. More information about encryption and why it is important can be found on our website here.
Procedure
The following links direct to both Microsoft (Windows) and Apple (macOS) support sites with instructions to set up the encryption tools they provide for their respective platforms. These instructions are for personally owned devices only. It is strongly recommended that you review the information provided in this article before following the instructions in the provided links. IST cannot assist in encrypting your personally owned computer beyond providing these guidelines.
Instructions: Encrypting a Windows Computer
Microsoft offers two solutions for encrypting your Windows 10 or 11 computer: Device Encryption and BitLocker Drive Encryption.
Device Encryption is the preferred method for encrypting personal computers. Device Encryption requires the use of a Microsoft Account. The encryption key is tied to the account, and data is only accessible when an authorized account logs into the device. Please be aware, if you lose access to the Microsoft Account used in the encryption process, you will lose access to all of your data stored on the device. IST will not be able to assist with any technical issues that may arise in this scenario.
BitLocker Drive Encryption is an alternative method of encrypting a Windows computer. Not all Windows computers allow for BitLocker Drive Encryption. With BitLocker, a 25-character encryption key is created in a separate text file. This file cannot be stored on the drive that was encrypted, and it is recommended that you store it in a secure personal (i.e. non-University of Alberta) cloud location such as Google Drive, or in a personal password manager solution. If a computer is lost or stolen, the data on the drive is inaccessible without an authorized account or the 25-character key stored in the text file. Please be aware, if you lose access to the encryption key file and your computer makes a request for the encryption key, you will lose access to all of your data stored on the device. IST will not be able to assist with any technical issues that may arise in this scenario.
Instructions: Encrypting a macOS Computer
Apple offers one solution, called FileVault, to encrypt macOS devices.
FileVault allows you to either tie the encryption key to your Apple ID, or create a separate 25-character recovery key to store in a text file. When following the instructions for setting up FileVault, you will be asked which method you prefer. It is strongly recommended to utilize your Apple ID to store your encryption key; however, if you lose access to your Apple ID account you will lose access to all of your data stored on the device. IST will not be able to assist with any technical issues that may arise in this scenario.
If you select the option to create a 25-character recovery key, the key must be manually typed out into a separate text file, and it is recommended that you store it in a secure personal (i.e. non-University of Alberta) cloud location such as Google Drive, or in a personal password manager solution. If a computer is lost or stolen, the data on the drive is inaccessible without an authorized account or the 25-character key stored in the text file. Please be aware, if you lose access to the encryption key file and your computer makes a request for the encryption key, you will lose access to all of your data stored on the device. IST will not be able to assist with any technical issues that may arise in this scenario.
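Once the Windows or macOS instructions above have been followed, it is worth confirming that the drive is actually protected, not just converted. The following is an added example, not part of the original article or IST's guidance: it parses the output of the built-in status tools (`manage-bde -status` on Windows, `fdesetup status` on macOS). It assumes English-language tool output; the function names and sample output are constructed for illustration.

```python
import platform
import re
import subprocess

# Constructed sample of English `manage-bde -status` output (fields abridged).
SAMPLE_BDE = """\
Volume C: [OS]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection On
Volume D: [Data]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection Off
"""
# Constructed sample of `fdesetup status` output while encryption is running.
SAMPLE_FV = "FileVault is On.\nEncryption in progress: Percent completed = 41\n"

def bitlocker_protected(status_text):
    """Map each volume in `manage-bde -status` output to True/False."""
    result, volume, conversion = {}, None, ""
    for line in map(str.strip, status_text.splitlines()):
        m = re.match(r"Volume (\w:)", line)
        if m:
            volume, conversion = m.group(1), ""
        elif line.startswith("Conversion Status:"):
            conversion = line.split(":", 1)[1].strip()
        elif line.startswith("Protection Status:") and volume:
            on = line.split(":", 1)[1].strip() == "Protection On"
            # Encrypted but suspended volumes keep a clear key on disk, so
            # both fields must agree before the volume counts as protected.
            result[volume] = on and conversion.endswith("Encrypted")
    return result

def filevault_protected(status_text):
    """True only if FileVault is On and no conversion is still running."""
    lines = [l.strip() for l in status_text.splitlines() if l.strip()]
    busy = any("in progress" in l.lower() for l in lines)
    return bool(lines) and lines[0] == "FileVault is On." and not busy

def check_this_machine():
    """Run the platform's own status tool (Windows needs an elevated prompt)."""
    tool = {"Windows": ["manage-bde", "-status"], "Darwin": ["fdesetup", "status"]}
    cmd = tool.get(platform.system())
    if cmd is None:
        raise RuntimeError("no supported encryption tool on this platform")
    out = subprocess.run(cmd, capture_output=True, text=True).stdout
    return bitlocker_protected(out) if cmd[0] == "manage-bde" else filevault_protected(out)

if __name__ == "__main__":
    print(check_this_machine())
```

A volume reported as encrypted with "Protection Off" (volume D in the sample) should be treated as unprotected until protection is turned on.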
Keywords: windows 10, windows 11, macOS, apple, microsoft, encrypt, encryption, bitlocker, security, SPED, data privacy, VPIT, VP-IST, laptop, tablet, cell, phone, self-service