EN

United States (EN)

Australia (EN)

Canada (EN)

Canada (FR)

France (FR)

Germany (DE)

Ireland (EN)

United Kingdom (EN)

See Rippling

EN

United States (EN)

Australia (EN)

Canada (EN)

Canada (FR)

France (FR)

Germany (DE)

Ireland (EN)

United Kingdom (EN)

See Rippling
Use Cases

How IT teams enforce encryption across every device using Rippling IT

Author

Profile picture of Michael Hendricks.

Michael Hendricks

Published

January 30, 2026

Read time

4 MIN

Card image - Device trust

In this article

  1. What you'll learn
  2. What you'll need
  3. The problem
  4. The hypothesis
  5. The solution
  6. The impact
  7. FAQs

What you'll learn

  • How to secure every macOS and Windows computer with full disk encryption

  • How Rippling uses native operating system encryption (FileVault and BitLocker)

  • How to monitor encryption status and recovery keys in one dashboard

  • How to automate compliance follow-up using Workflow Studio

What you'll need

  • Rippling IT with Device Management

  • macOS or Windows devices that are MDM-enrolled and running the Rippling Agent

  • FileVault support on macOS and BitLocker support on Windows Pro or higher

  • Workflow Studio to automate encryption reminders and alerts

The problem

Disk encryption is one of the most important ways to protect company data. If a computer is lost or stolen, encryption prevents anyone from accessing files, even if they reset the device password.

However, enforcing encryption across an entire fleet is difficult. Many companies rely on employees to enable it manually, which leads to inconsistent adoption. Devices may be a mix of personal and company-owned, and Windows and macOS each use different encryption tools.

IT teams often lack a single place to see which devices are encrypted, which ones require user input, or where recovery keys are stored. Manual audits take time and can leave gaps that expose sensitive data. Without centralized enforcement, encryption becomes a patchwork process that leaves room for error.

The hypothesis

If encryption is enforced through Rippling Device Management, IT teams can rely on a single policy to mandate encryption across all supported macOS and Windows devices. With real-time visibility and automated follow-up, encryption can become a consistent, automated baseline rather than a manual security task.

The solution

1. Use Rippling Device Management to enable native OS encryption

Rippling does not create its own encryption method. Instead, it turns on each operating system’s built-in technology:

  • FileVault 2 on macOS, using AES-XTS encryption with 256-bit keys

  • BitLocker on Windows Pro, Enterprise, or Education

When encryption is required, Rippling sends the command the next time the device checks in. Because the Rippling Agent and MDM are active, the device receives the instruction automatically.

Rippling securely stores each device’s recovery key in the Devices app. IT can retrieve a recovery key at any time from the device’s Security tab.

2. Enforce encryption with a single policy

Once encryption is enabled, any computer enrolled in Rippling Device Management will begin encrypting its disks the next time it comes online and checks in with Rippling. If the operating system requires the employee to enter their device password to start encryption, Rippling creates a task in the employee’s Rippling desktop app asking them to enter it. The device encrypts once that step is completed, and Rippling reflects the updated encryption status in the Devices app.

3. Monitor encryption status from one dashboard

The Devices app keeps real-time visibility into:

  • Whether encryption is enabled

  • Whether a device is pending action

  • Recovery keys for each device

  • Devices that cannot encrypt, such as Windows Home computers

  • OS versions that may impact encryption support

Admins can click any device to view its encryption status, FileVault or BitLocker details, and the stored recovery key.

4. Automate compliance checks using Workflow Studio

With Workflow Studio, IT teams can automate encryption oversight. Examples include:

  • Notifying IT when a device has remained unencrypted for a set number of days

  • Alerting an employee and their manager if encryption tasks remain incomplete

  • Creating IT tasks for devices that fail encryption repeatedly

  • Sending weekly reports summarizing all devices with incomplete encryption

Automation removes the need for manual audits and ensures encryption issues do not go unnoticed.

The impact

✓ Encryption applied automatically across macOS and Windows devices

✓ Recovery keys securely stored and accessible from the Devices app

✓ Full visibility into encryption compliance across the fleet

✓ Workflows catch gaps early and reduce manual follow-ups

✓ Stronger security posture and reduced risk from lost or stolen devices

Rippling IT transforms encryption from a manual process into a reliable, automated safeguard for every managed device. By leveraging OS-native tools and centralized policy enforcement, IT teams can secure data across their entire fleet with minimal effort.

FAQs

How does Rippling encrypt devices?

Rippling enables native OS encryption. macOS devices use FileVault 2, and Windows devices use BitLocker.

Does Rippling store recovery keys?

Yes. Recovery keys are stored securely and available in the Security tab for each device.

What happens if an employee never completes their pending task?

The device remains in a pending state. IT can use workflows to send reminders or escalate the task.

Schedule a demo with Rippling IT today
See Rippling IT

Disclaimer

Rippling and its affiliates do not provide tax, accounting, or legal advice. This material has been prepared for informational purposes only, and is not intended to provide or be relied on for tax, accounting, or legal advice. You should consult your own tax, accounting, and legal advisors before engaging in any related activities or transactions.

Hubs

Author

Profile picture of Michael Hendricks.

Michael Hendricks

Head of IT Content

Michael Hendricks is an award-winning writer and editor with over a decade of experience shaping compelling narratives across newsrooms, non-profits, and digital media organizations. With a background that bridges journalism and strategic communications, he brings a keen editorial eye and a sharp understanding of how to translate complex information into stories that connect. Michael currently leads content for Rippling IT, where he manages editorial strategy and content. Previously, he’s worked with outlets such as CNN and Search Party, where he produced and edited stories ranging from geopolitics and public policy to global markets and the business of sports with nuance and care.

Explore more

Graphic illustration of a laptop with an exclamation point alert hovering in front of its screen
Jan 30, 2026
|
IT

How IT teams automatically alert employees when their device shows high RAM usage using Rippling IT

Learn how IT teams use Rippling Device Management and Workflow Studio to detect high RAM usage and automatically alert employees before performance issues occur.

Graphic illustration of a laptop and mobile device, both with the Rippling logo on the screen
Jan 30, 2026
|
IT

How IT teams monitor device health from a single dashboard using Rippling IT

Learn how IT teams monitor device health, security, and compliance from a single dashboard using Rippling IT, with reports and automated workflows.

Graphic illustration of a laptop with an exclamation point alert hovering in front of its screen
Jan 30, 2026
|
IT

How lean IT teams alert admins automatically when 10 or more threats are detected on a device in 24 hours with Rippling IT

Learn how lean IT teams use Rippling IT, SentinelOne, and Workflow Studio to automatically alert admins when devices hit 10+ threats in 24 hours.

Graphic illustration of a laptop with an exclamation point alert hovering in front of its screen
Jan 30, 2026
|
IT

How IT teams automatically alert employees and IT admins when a device battery needs to be replaced using Rippling IT

Learn how IT teams use Rippling IT to automatically alert employees and admins when laptop batteries need replacement using real-time device data.

[Blog - Hero Image] New device
Jan 30, 2026
|
IT

How to automatically alert managers when a device has not connected to Rippling for 3 days with Rippling IT

Learn how IT teams use Rippling IT to automatically alert managers when laptops haven’t connected in 3 days using MDM status and workflows.

[Blog - Hero Image] New device
Jan 30, 2026
|
IT

How IT teams track every laptop without spreadsheets using Rippling IT

See how IT teams track every laptop automatically using Rippling IT — no spreadsheets required. Get real-time visibility into devices, security, and inventory.

Laptop and cellphone with Rippling logo on them both.
Jan 30, 2026
|
IT

How IT teams automate laptop returns with prepaid shipping kits using Rippling IT

See how IT teams automate laptop returns for remote employees using prepaid shipping kits, inventory tracking, and offboarding workflows in Rippling IT.

Blog Hero - Password
Jan 30, 2026
|
IT

How IT teams set up role-based software installation with Rippling IT

Discover how to deploy and remove software automatically based on role, department, and device attributes using Rippling IT and Supergroups.

See Rippling in action

Increase savings, automate busy work, and make better decisions by managing HR, IT, and Finance in one place.

Start free trialRequest demo