Encryption Phased Rollout for Windows Workstations
Jun 20, 2025
Note: this article applies only to Windows systems. ISS and Denver OIT are currently working on a plan to encrypt Mac computers via Filevault. Information about the Mac rollout will be shared in a future newsletter.
Encryption allows you the flexibility to work remotely, hybrid, travel, or on campus by keeping your data safe in the event your device is lost or stolen. The Encryption Standard (Baseline Secure Computing Standard 3) will protect you and the university by preventing unauthorized access to your computer and the data it contains. Encryption is an essential tool for maintaining IT security and compliance, and having it enabled will make it easier for you to conduct your business, research and learning with the university by helping ensure that your device is compliant with data confidentiality and privacy regulations including FERPA and HIPAA.
Starting in June 2025, Information Strategy and Services (ISS) is working with the Denver Office of Information Technology (OIT) and our IT partners across the CU Anschutz and CU Denver campuses to conduct a phased rollout of the new Encryption Standard for all university-owned Windows workstations. University-owned Mac devices will be addressed in a future rollout.
After helpful feedback from faculty, staff and students, we changed our encryption provider from PGP to the improved solution, BitLocker. BitLocker has an improved user experience with no impact on the computer’s performance, and it is imperceptible to the end user.
ISS and Denver OIT have created a standardized approach across the university to simplify the encryption process and make it easier for our IT partners to enable and maintain encryption on the devices in the departments and units they support. Beginning June 1, the Endpoint Management Team will be working directly with IT partners campuswide to provide support and testing while BitLocker is enabled on all university-owned Windows workstations. This phased, collaborative approach ensures there will be no disruption to your work.
While the encryption process is highly reliable, ISS and Denver OIT strongly recommend, as best practice, backing up all user data that may be stored on your hard drive or desktop before starting this process to ensure no user data is lost. The university approved file storage locations include H: Drive/Isilon or the university provided OneDrive for Business. Following this best practice eliminates the risk of data loss during encryption.
Please work with your department IT professional to backup or move your files to a university-approved file storage location prior to your IT professional enabling encryption on your device.
If you have any questions or would like to learn more about encryption, please contact the Endpoint Management Team. If you would like to learn more about the 10 controls in the Baseline Secure Computing Standards, please visit our secure webpage and login with your university credentials.
