Encryption is a means of protecting data stored on your computer by converting it to a format that unauthorized users cannot easily decipher. Full disk encryption (FDE) protects all files and data saved to disk, including the operating system, executable files, and documents.
FDE offers the highest level of security and privacy and is therefore highly recommended for all users. If your computer is stolen or left unguarded, no one can access your encrypted files without entering the password (usually called an encryption key).
The installation of FDE creates a recovery key, which is required if an error occurs and the data on the disk needs to be recovered. This key will be stored on a secured server and can be retrieved if it is needed.
All IT Services' managed computers are deployed with BitLocker (Windows) or FileVault (macOS).
Faculty and Staff with McGill-managed PCs.
The majority of managed computers provided by IT Services are encrypted by default.
Contact the IT Service Desk or local technical support staff to enable BitLocker (Windows) or FileVault (macOS) on your McGill-managed computer.
Note: Currently, macOS computers shared amongst users cannot be encrypted with FileVault. We hope to offer this option in the near future.
There is no associated cost for this service.
This service is available 24/7.
No. Full Disk Encryption (FDE) will only be installed on McGill-managed computers. If a contractor or part-time faculty member owns a computer, it will not be encrypted as part of this service.
If you have a Windows computer, the change will be deployed in the background without disrupting your work. No reboot is required.
Note: For laptops, if the installation occurs while the computer is in use, you may be prompted to connect to an external power source. If the computer is powered off during deployment, this prompt may appear once it is restarted.
If you have a macOS computer, you will need to do the following:
FDE for Windows comprises two key components: BitLocker and the Azure portal. BitLocker, the encrypting engine, is part of the Windows operating system. As such, it should not affect the performance or functionality of your computer.
BitLocker recovery keys are stored, managed, and retrieved using the integrated functionality of the Windows operating system. The installation and configuration of FDE will create a recovery key (a 48-digit numeric code) to decrypt your data. One example of when this key would be required is for restarting in “Safe Mode.”
When you connect to McGill’s Virtual Private Network (VPN), our centralized management servers should communicate with your computer to begin the encryption process. If that doesn’t happen, the encryption process should begin the next time your computer connects to the McGill network.
USB keys will not be encrypted as part of this deployment. However, it is strongly recommended that you transfer confidential data stored on a USB drive to SharePoint, OneDrive, or a network-shared drive and delete it from the USB drive.
No action is required on your part; the recovery key will be pushed to the central server.
You can recover your encryption key by using a second computer or device. See How to recover an encryption key for a computer with full disk encryption.
See best practices from the Government of Canada's Canadian Centre for Cyber Security: Using Encryption to Keep Your Sensitive Data Secure.
See How to recover an encryption key for a computer with full disk encryption.
You can set up disk encryption on your personal devices as well:
Note: The IT Service Desk cannot assist with issues related to disk encryption on personal computers.
If you need assistance to recover your encryption key, contact the IT Service Desk.