Skip to main content

ComplyJet Agent – Hard Drive Encryption (Windows & macOS)

Learn how to enable full disk encryption so the ComplyJet Agent can evaluate device compliance correctly.

Written by Upendra Varma
Updated this week

To pass the “Hard Drive Encryption” device check in ComplyJet, your device must have full disk encryption enabled.

Disk encryption protects sensitive company data in case a device is lost, stolen, or accessed without authorization.

These instructions apply only when using the ComplyJet Agent directly on the device.

If you are using an external MDM (Hexnode, Intune, Jamf, etc.), refer to the respective MDM setup guide instead.

ComplyJet evaluates the encryption status detected by the Agent.

Requirement Overview

To pass the check:

  • Full disk encryption must be enabled

  • The system drive must be encrypted

  • Encryption must be actively enforced (not paused or in progress indefinitely)

macOS Configuration (FileVault)

macOS uses FileVault for full disk encryption.

Steps to Enable FileVault

  1. Open System Settings

  2. Navigate to Privacy & Security

  3. Scroll to FileVault

  4. If FileVault is off, click Turn On FileVault

  5. You may need to click the lock icon and authenticate to make changes

  6. Follow the prompts to enable encryption

Once enabled:

  • FileVault will begin encrypting your disk

  • You may see a progress indicator

  • Encryption runs in the background

The device will be marked Compliant once encryption is fully enabled and detected by the ComplyJet Agent.

Windows Configuration (BitLocker)

Windows uses BitLocker for full disk encryption.

BitLocker is only available on Windows Pro, Enterprise, and Education editions. It is not available on Windows Home.

You may want to follow the steps to turn on standard Bitlocker encryption provided by Microsoft. Follow Microsoft's official steps to turn on BitLocker encryption:

  1. Locate the hard drive you want to encrypt under “This PC” in Windows Explorer.

  2. Right-click the target drive and choose “Turn on BitLocker.”

  3. Choose “Enter a Password.”

  4. Enter a secure password.

  5. Choose “How to Enable Your Recovery Key” which you’ll use to access your drive if you lose your password.

  6. Choose “Encrypt Entire Drive.” This option is more secure and encrypts files you marked for deletion.

  7. Click “Start Encrypting” to begin the encryption process.

    Screenshot of Settings - device encryption.

Once BitLocker is enabled and encryption is complete, the ComplyJet Agent will detect the encrypted state.

How ComplyJet Evaluates This

The ComplyJet Agent checks:

  • Whether FileVault (macOS) is enabled

  • Whether BitLocker (Windows) is enabled

  • Whether the system drive is encrypted

If encryption is active, the device will show Compliant. If encryption is disabled or not detected it will show Non-Compliant.

Common Reasons for Failure

  • FileVault is turned off

  • BitLocker is not enabled

  • Windows Home edition (BitLocker unavailable)

  • Encryption setup started but not completed

  • Device not synced after enabling encryption

Next Steps

After enabling encryption:

  1. Click Sync now inside the ComplyJet Agent

  2. Wait for encryption to complete (if still in progress)

  3. Confirm the device check shows Compliant

Once encryption is properly enabled, the test will automatically pass.

Related Articles
Hexnode Setup (macOS)
Intune Setup (Windows)
Intune Setup (macOS)
ComplyJet Agent - ScreenLock ( Windows & MacOS )
ComplyJet Agent – Anti-Virus (Windows & macOS)
Did this answer your question?