Trinity Device Encryption Service - Windows Desktops and Laptops
How McAfee Management of Native Encryption works via BitLocker
Management of Native Encryption, as the name implies, uses the native Windows encryption client known as BitLocker to encrypt the hard drive of the device.
BitLocker fully encrypts the entire hard disk, including the operating system.
Once BitLocker is enabled on your Windows device your login experience will not change. You will continue to log in as normal unless you are using an older laptop/desktop, which will require a pre-boot password.
The benefit of using the McAfee Management solution is that the 'recovery key' is stored on a secure Trinity server. This secure server can only be accessed by IT Services staff, thus meeting the high-security requirements related to confidential Trinity data.
This device encryption provides the best possible security should the device be lost or stolen - provided the user has not physically written down their username and password and left it with the device.
In the event of a theft, an audit record exists confirming that all data and software on the device has been encrypted.
BitLocker Pre-Boot Password
Staff that are currently using laptops/desktops purchased before 2018 may be required to set up and use a pre-boot password.
- When IT Services enable encryption on your device you will receive the below prompt.
Important: Once this password is created it will remain unchanged unless you manually update it. It will not be synced with your normal Windows password.
- Next time you start your computer you will be presented with the below screen where you will have to enter the password you created in step 1.
Backing up your data
Please note that this service does not backup your data. All users are still responsible for backing up the data on the computers they use.
Leaving Trinity and Uninstalling BitLocker
As per the terms and conditions of this encryption service, if the user's account expires or is disabled, all encryption facilities will be terminated. In the event of such termination, users are obliged to contact the IT Service Desk so that BitLocker can be removed.
This is of relevance to those members of staff planning to leave Trinity permanently. In this instance, the member of staff or their manager should contact the IT Service Desk in advance to arrange for the uninstallation of BitLocker.