Endpoint Encryption

Data protection with encryption for desktops, laptops, and removable media


The proliferation of data and devices in today’s enterprises has increased the complexity of protecting confidential data, meeting compliance mandates, and preventing costly data breaches. These challenges are further amplified as more and more employees bring their own computing devices to work. Ensuring that sensitive data is secured in the case of device loss has never been more difficult.

Trend Micro™ Endpoint Encryption encrypts data on a wide range of devices, such as PCs and Macs, laptops and desktops, USB drives, and other removable media. Available as a separate agent, this solution combines enterprise-wide full disk, file/folder, and removable media encryption to prevent unauthorized access and use of private information. A single, well-integrated management console allows you to manage your users holistically—using the same console for endpoint protection and other Trend Micro security products. Deploying the Endpoint Encryption agent helps ensure that your data will continue to be protected as your mobile computing devices and organizational needs change.

Software and Hardware

Protection Points

  • Laptops, desktops
  • Removable media: USB/CD/DVD
  • Files and file volumes (folders)


Threat Protection

  • Privacy
  • Data protection
  • Regulatory compliance
  • Securing intellectual property

Maximize Platform Coverage for Data and Device Encryption

Get comprehensive data protection on Macs and PC laptops, desktops, removable media, and mobile devices

Lower Total Cost of Ownership (TCO) with Centralized Policy Administration and Transparent Key Management

Save more with an integrated solution that makes it easy to deploy, configure, and manage encryption

Simplify Remote Device Management


Key features

Advanced Reporting and Auditing

  • Unify visibility and policy deployment with other Trend Micro products through integration with Control Manager
  • Automate enforcement of regulatory compliance with policy-based encryption
  • Receive detailed auditing and reporting by individual, organizational unit, and device
  • Assist compliance initiatives with an audit trail for all administrative actions
  • Demonstrate compliance on demand with real-time auditing

Administrative Tools and Active Directory Integration

  • Provide remote one-time passwords across all endpoint client applications
  • Manage users and groups from multiple active directory domains in a single console, simplifying the existing IT infrastructure for deployment and management
  • Gain access to recovery console in the Microsoft® Windows® pre-boot

Pre-Boot Authentication

  • Gain flexible authentication, including active directory integration, fixed password, and multi-factor authentication for government and defense customers
  • Ensure that lost or stolen devices can be remotely wiped or locked before they can boot using network-aware (WiFi and ethernet)
  • Enable policy updates prior to authentication
  • Trigger the lockout feature in response to incorrect authentication attempts
  • Configure actions on failed password attempt threshold
  • Support multiple user and administrator accounts per device

Support for a Consumerized Environment

  • Provide management and visibility for Microsoft® BitLocker®, this is especially useful for employee-owned devices where corporate data needs to be protected.
  • Provide visibility and management of Apple® FileVault® to enforce policies on Macs, and protect them in the case of loss or theft.


Key Benefits
  • Helps ensure privacy and compliance enforcement with policy-based encryption
  • Lowers TCO with simplified deployment, configuration, and management
  • Provides comprehensive data security for laptops, desktops, removable media, and mobile devices
  • Helps ensure robust security through certifications including the Federal Information Processing Standard (FIPS) Publication 140-2 certification
  • Maintains compliance and protects your data without disrupting users with remote management

* Management for Bitlocker and FileVault is included with Trend Micro Endpoint Encryption.
** Dependent on the OS version and machine model.

Endpoint Encryption is a critical component of our Smart Protection Suites. Our suites deliver even more data protection capabilities, like data loss prevention (DLP) and device control, as well as our threat protection capabilities, including file reputation, machine learning, behavioral analysis, exploit protection, application control, and intrusion prevention. Having additional Trend Micro solutions extends your protection from advanced attacks with endpoint investigation and detection. All of this modern threat security technology is made simple for your organization with central visibility, management, and reporting.

System Requirements

Minimum recommended server requirements

  • Microsoft® Windows® Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2022 (64-bit only)
  • Physical or virtual server with 2.2 GHz Xeon Quad Core or above; 1 available vCPU
  • 8 GB RAM
  • 120 GB hard disk space
  • Microsoft® Windows® 7, 8, 8.1, 10 22H1 and earlier
  • Windows Embedded POSReady 7
  • Intel® Core™ 2 Duo 2.0 GHz processor and above
  • 1 GB RAM
  • 30 GB hard disk, 20% free space

Note: Agent will not support new hardware models after May 2021
Note: Agent will not support Windows 11
Note: Agent will not support Windows 10 22H2

  • Windows 7, 8, 8.1, 10, 11
  • Windows  Embedded POSReady 7
  • Intel Core 2 Duo 2.0 GHz processor and above
  • 1 GB RAM
  • TPM 1.2 or higher
  • 30 GB hard disk with 20% free space

Note: Agent will not support Windows 10 22H2 and Windows 11 22H2

  • macOS® 10.8, 10.9, 10.10, 10.11, 10.12, 10.13, 10.14
  • Intel Core 2 Duo 2.0 GHz processor and above
  • 2 GB RAM
  • 8 GB hard disk, 400 MB free space

Note: Agent will not support macOS 12 and newer