Endpoint Encryption

Endpoint encryption refers to encrypting the data stored on "endpoints," such as laptops, phones, and tablets. Encryption is the process of transferring normal words and numbers, called plain text, into an unreadable form of letters, numbers, and symbols, called ciphertext, which cannot be easily read without the key from authorized people. 


The state utilizes Bitlocker as part of the Microsoft 365 agreement, a software-based encryption. Bitlocker is enabled within the operating system. Users will only have to enter a key if an unauthorized party tries to access the hard drive while it’s powered off. Because it’s based on the operating system, if a hard drive is wiped, Bitlocker Encryption will also be wiped off.


  • Data Protection – Even if a device is lost or stolen, a hacker would need to break an encryption key in addition to a password to get into the device and access the data. Because the encryption key is usually decoded during boot-up, your data will still be safe even if the hard drive is removed from a device and plugged into an external reader.
  • Prevents Boot Modifications – If someone is trying to get access to the data stored on this device by booting into a USB or CD drive, they will not be able to get that data.  This is because the drive is locked when trying to boot from another device until it is authorized.

Requesting Service

ITD's online Work Management System (WMS) may be used to submit a "Generic" service request.

Associated Rates

Title Current Rate Current One Time Fee
Endpoint Hard Drive Encryption - Hardware Based (WAVE) 2.65/user 71.00/user
Endpoint Hard Drive Encryption - Software Based (BitLocker) 2.00/user 45.50/user

Related Standards and Guidelines

Encryption Standard

Ensures that sensitive information is encrypted.


Wave Systems, a developer of hardware based encryption technology used by the state, has filed for bankruptcy. ITD will provide updates on this topic through the monthly Information Technology Coordinators Council meeting.