This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 61%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAE%3C/text%3E%3C/svg%3E)
Hello,
I created a compliance policy to check the encryption status on Linux device, my issue is we have Linux devices not encrypted with LUKS before installation.
As per this documentation, it is possible to encrypt Linux volumes after installation using encryptsetup tool.
I searched for encryptsetup tool and I found that it is only encrypt Home folder. However, I followed up the instruction to encrypt Home folder but the device still non-compliant.
How to encrypt Linux devices without re-installation ?
Thanks,
Alaa Elrayes
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
@Alaa Elrayes,Thanks for posting in Q&A.
From your description, I know you want to encrypt Linux devices without re-installation to meet the compliance policy.
Based on my research, if you already have Ubuntu installed without any encryption, then full disk encryption with LUKS may not be an option.
And if you use the encryptsetup tool to only encrypt Home folder, but not encrypt the writable fixed disks on this computer, it may not meet the compliance policy settings. Therefore, it is suggested that you re-install the Linux devices and encrypt Linux devices during the installation to meet the compliance policy.
Hopa above information can be helpful.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@ZhoumingDuan-MSFT So, why Microsoft mentioned in the above article that it is possible to encrypt after installation ?
Thanks,
@Alaa Elrayes,Thanks for your update.
Microsoft's article does mention the possibility of post-installation encryption, but this would take a lot of time and effort, however, there are only methods related to encrypting the home directory and swap space, and there is currently no method for full disk encryption.
Thanks for your kind understanding.