Manage Recovery Keys in Full Encryption

Applies To: WatchGuard Full Encryption This topic applies to the WatchGuard endpoint security module, Full Encryption. Full Encryption is available with WatchGuard EPDR, WatchGuard EDR, and WatchGuard EPP.

A recovery key is a unique 48-digit key that unlocks a protected hard drive. Recovery keys are created by Microsoft BitLocker on Windows computers or FileVault on Mac computers. They protect data from unauthorized access.

When WatchGuard Full Encryption detects unusual activity on a protected computer, Full Encryption prompts the user to enter the recovery key. Unusual activity might include:

• A user makes repeated attempts to enter an incorrect PIN or password while the device boots up
• A Trusted Platform Module (TPM) chip detects a change in the boot sequence
• Changes are made to the computer motherboard
• Deletion or disablement of TPM content
• Computer boot settings change
• Startup process changes

Full Encryption stores the recovery keys for all encrypted computer drives that it manages. For Windows computers, each encrypted drive has a unique recovery key. The same recovery key is used for all drives on a Mac computer.

Windows computers that are partially or entirely encrypted by users using BitLocker are not integrated into Full Encryption. Neither their encryption nor their recovery keys can be managed.

Find a Recovery Key

To obtain a recovery key on the Full Encryption dashboard, from the Encrypted Computers tile:

1. In WatchGuard Cloud, select Monitor > Endpoints.
2. Select Status > Full Encryption.
3. In the Encrypted Computers tile, click Recovery Key Search.
   
   The Recovery Key Search dialog box opens.
4. In the text box, type the ID of the recovery key you want to find.
   In the case of a recovery key ID for an encrypted partition, enter the first eight digits. The recovery key that the user can use to unlock the encrypted disk partition is displayed.

5. Press Enter.

6. Select the found recovery ID.
   The Get Recovery Key dialog box opens.

7. Click Copy Recovery Key and send it to the user.
   

To obtain a recovery key from the Computer details page:

1. In WatchGuard Cloud, select Monitor > Endpoints.
2. Select Status > Full Encryption.
3. In the Encryption Status tile, click the status you want to view computers for.
   The Encryption Status page opens and shows computers with the selected status.
   
   
   
4. Select the computer you want to find the recovery key for.
   The Computers page opens.
5. In the Details > Data Protection section, click Get Recovery Key.
   For Windows computers only, to obtain a removable drive recovery key, click View Encrypted Devices on this Computer.
   
   
   The Get Recovery Key dialog box opens and shows the IDs for all encrypted drives on the computer. To find another recovery key, click Find Another Key.

6. Click the encrypted drive ID of the key you want to recover.
   The Get Recovery Key dialog box opens.
   

7. Click Copy Recovery Key and send it to the user.

To obtain a removable drive recovery key, for Windows computers:

1. In the Details > Data Protection section, click View Encrypted Devices on This Computer.
   The Encrypted Devices on This Computer dialog box opens and shows the IDs of the encrypted drives on the computer.

2. Click the encrypted drive ID of the key you want to recover. To find another recovery key, click Find Another Key.
3. Click Copy Recovery Key and send it to the user.

Related Topics

About Full Encryption

Full Encryption Authentication Types