Cloudflare Docs
Cloudflare Zero Trust
Visit Cloudflare Zero Trust on GitHub
Set theme to dark (⇧+D)

Disk encryption

Feature availability
Operating SystemsWARP mode requiredZero Trust plans
macOS, WindowsWARP with GatewayAll plans

The Disk Encryption device posture attribute ensures that disks are encrypted on a device.

​​ Enable the disk encryption check

  1. In the Zero Trust Dashboard, go to Settings > WARP Client.
  2. Scroll down to WARP client checks and select Add new.
  3. Select Disk Encryption.
  4. Enter a descriptive name for the check.
  5. Select your operating system.
  6. Turn on Enable Disk Encryption.
  7. Select Save.

Next, verify that the disk encryption check is returning the expected results.

​​ How WARP checks for encryption

Operating systems determine disk encryption in various ways. The following information will allow you to understand how the client determines disk encryption status on various systems.

​​ On macOS

  1. Open a terminal window.

  2. Run the /usr/sbin/system_profiler SPStorageDataType command to return a list of drivers on the system and note the value of Mount Point.

    $ /usr/sbin/system_profiler SPStorageDataType
    Free: 428.52 GB (428,519,702,528 bytes)
    Capacity: 494.38 GB (494,384,795,648 bytes)
    Mount Point: /System/Volumes/Data
  3. Run the diskutil info command for a specific Mount Point and look for the value returned for FileVault. It must show Yes for the disk to be considered encrypted.

    $ diskutil info /System/Volumes/Data | grep FileVault
    FileVault: Yes

All disks on the system must be encrypted for the posture check to pass.

​​ On Windows

  1. Open a Powershell window.
  2. Run the Get-BitLockerVolume command to list all volumes detected on the system.
  3. Protection Status must be set to On.

All disks on the system must be encrypted for the posture check to pass.

​​ On Linux

Disk encryption checks are not currently supported on Linux.

​​ On iOS, Android and ChromeOS

These platforms are always encrypted and so no disk encryption check is supported.