Whole Disk Encryption

Duke Enterprise Whole Disk Encryption Solutions:

• Windows computers should use Windows BitLocker Drive Encryption.
• Apple OS X computers should use Apple's FileVault 2.
• Linux computers should use an equivalent encryption solution.

See the following resources for managing whole disk encryption:  

• Enabling FileVault 2 in OS X
• Overview of BitLocker Device Encryption in Windows

For computers managed by Duke IT staff:

Duke IT staff should take additional steps beforehand in order to ensure that the recovery key is recorded in a central location (i.e. "key escrow").

• To escrow Windows BitLocker recovery information in Active Directory, see the How to Store BitLocker Recovery Information in Active Directory Duke KnowledgeBase article
• To escrow Apple OS X FileVault 2 recovery information, enroll the computer in the Duke University Jamf instance and then refer to one of the Jamf guides on Administering FileVault.

Note: Computers in Duke Health are subject to different policies regarding encryption; see the Duke Health encryption standard and explanatory video for details.