Whole Disk Encryption Overview:
Request encryption assistance
Encrypting your computer is one of the most effective ways to protect the information stored on your hard drive. All university computers should be encrypted by default. Encrypting your hard drive is a necessary step to ensure the security of any data in case of loss or theft of your device. High risk data should only be stored on approved OIT locations under UI policies and standards; however, to protect any incidental data that may accidentally reside on your local system, Whole Disk Encryption (WDE) is an essential best practice.
If your device is ever lost or stolen, OIT can verify that the device was encrypted and that your information may not be accessed by any third party.
The University of Idaho requires computers which process high risk data be encrypted using WDE with a PIN, and will encrypt by default all computers.
What it Can Do
- Protect all data if your computer is lost or stolen
- Protect data from unauthorized users attempting to break in to your physical device
What it Cannot Do
- Encrypt e-mail
- Encrypt files moved to the network (i.e. S: drive or OneDrive), or a USB/flash drive
- Protect data stolen by malware or someone with your password
Features
- Information stored on computers encrypted with WDE cannot be accessed by unauthorized users
- Information can be recovered from the system with the assistance of ITS in the event that the startup passphrase is lost or forgotten
- Encryption can be deployed consistently across both Windows and Mac computers
Requirements
Windows 10 (1909) and newer supported versions of Windows
- At least 1 GB of RAM (Not all of this is needed by WDE)
- System must be joined to the Active Directory Domain.
- System must have the System Center Configuration Manager client installed. You may need assistance from your TSP or SysAd as an employee, or the Student Technology Center as a student.
- Systems using Windows must be equipped with a Security Chip (TPM) version 2.0+
Mac OS X 10.14 and newer
- At least 2 GB of RAM (Not all of this is needed by WDE)
FAQ
Why am I required to encrypt my computer?
You are required to have your computer drives encrypted to help ensure if your computer is lost or stolen, no data is lost or compromised. This is a best practice that has been in place for UI users handling high risk data for many years, and is now the default on all new machines. This also helps the university comply with regulatory and contractual compliance, including work for the federal government, Idaho National Lab, and several other research contracts.
I forgot my pre-boot passphrase, is my information lost?
No need to worry. Rest assured your information is not lost. OIT can assist you in booting your computer and resetting the pre-boot passphrase. Contact your TSP or SysAd to initiate the recovery process.
Will Whole Disk Encryption make my computer slow?
WDE should not reduce the overall performance of your computer. However, during the encryption process you may experience some latency in normal tasks. Once the computer has completed the encryption process there will be a slight delay during the boot up process. Once the Operating System (Windows, Mac OS X) has loaded, there should be no detectable change in performance. If you suspect performance is being affected, please contact Technical Support Services or your System Administrator to determine the cause.
Learn More
Data Classification:
University Data Classification and Standards Policy
Standards: Data Classifications
How to find your Computer Name and MAC Address [Tutorial]
How to set up Encryption - [OS X] [Windows]
What to do if you've forgotten your Encryption Passphrase - [OS X] [Windows]
If you need help with startup authentication or require additional assistance, submit a request to your TSP or System Administrator if you're an employee.