How IT teams enforce encryption across every device using Rippling IT

What you'll learn

• How to secure every macOS and Windows computer with full disk encryption

• How Rippling uses native operating system encryption (FileVault and BitLocker)

• How to monitor encryption status and recovery keys in one dashboard

• How to automate compliance follow-up using Workflow Studio

What you'll need

• Rippling IT with Device Management

• macOS or Windows devices that are MDM-enrolled and running the Rippling Agent

• FileVault support on macOS and BitLocker support on Windows Pro or higher

• Workflow Studio to automate encryption reminders and alerts

The problem

Disk encryption is one of the most important ways to protect company data. If a computer is lost or stolen, encryption prevents anyone from accessing files, even if they reset the device password.

However, enforcing encryption across an entire fleet is difficult. Many companies rely on employees to enable it manually, which leads to inconsistent adoption. Devices may be a mix of personal and company-owned, and Windows and macOS each use different encryption tools.

IT teams often lack a single place to see which devices are encrypted, which ones require user input, or where recovery keys are stored. Manual audits take time and can leave gaps that expose sensitive data. Without centralized enforcement, encryption becomes a patchwork process that leaves room for error.

The hypothesis

If encryption is enforced through Rippling Device Management, IT teams can rely on a single policy to mandate encryption across all supported macOS and Windows devices. With real-time visibility and automated follow-up, encryption can become a consistent, automated baseline rather than a manual security task.

The solution

1. Use Rippling Device Management to enable native OS encryption

Rippling does not create its own encryption method. Instead, it turns on each operating system’s built-in technology:

• FileVault 2 on macOS, using AES-XTS encryption with 256-bit keys

• BitLocker on Windows Pro, Enterprise, or Education

When encryption is required, Rippling sends the command the next time the device checks in. Because the Rippling Agent and MDM are active, the device receives the instruction automatically.

Rippling securely stores each device’s recovery key in the Devices app. IT can retrieve a recovery key at any time from the device’s Security tab.

2. Enforce encryption with a single policy

Once encryption is enabled, any computer enrolled in Rippling Device Management will begin encrypting its disks the next time it comes online and checks in with Rippling. If the operating system requires the employee to enter their device password to start encryption, Rippling creates a task in the employee’s Rippling desktop app asking them to enter it. The device encrypts once that step is completed, and Rippling reflects the updated encryption status in the Devices app.

3. Monitor encryption status from one dashboard

The Devices app keeps real-time visibility into:

• Whether encryption is enabled

• Whether a device is pending action

• Recovery keys for each device

• Devices that cannot encrypt, such as Windows Home computers

• OS versions that may impact encryption support

Admins can click any device to view its encryption status, FileVault or BitLocker details, and the stored recovery key.

4. Automate compliance checks using Workflow Studio

With Workflow Studio, IT teams can automate encryption oversight. Examples include:

• Notifying IT when a device has remained unencrypted for a set number of days

• Alerting an employee and their manager if encryption tasks remain incomplete

• Creating IT tasks for devices that fail encryption repeatedly

• Sending weekly reports summarizing all devices with incomplete encryption

Automation removes the need for manual audits and ensures encryption issues do not go unnoticed.

The impact

✓ Encryption applied automatically across macOS and Windows devices

✓ Recovery keys securely stored and accessible from the Devices app

✓ Full visibility into encryption compliance across the fleet

✓ Workflows catch gaps early and reduce manual follow-ups

✓ Stronger security posture and reduced risk from lost or stolen devices

Rippling IT transforms encryption from a manual process into a reliable, automated safeguard for every managed device. By leveraging OS-native tools and centralized policy enforcement, IT teams can secure data across their entire fleet with minimal effort.

FAQs