Licensing
DriveLock offers various licensing models with different subscription periods. A basic subscription always includes the respective licensed main module with various basic modules that are required to operate DriveLock. These include the DriveLock Operations Center (DOC), the DriveLock Agent (which is distributed on the client computers), inventory and event display functions, and the DriveLock Enterprise Service (DES) with the associated databases for the on-premise version. Combination modules can be added to some main modules (e.g. Encryption 2-Go to Device Control, see table below).
Starting with DriveLock version 2024.2, licenses are managed centrally in the DriveLock Operations Center (DOC) and automatically entered in a license policy. This policy is automatically assigned to all computers.
Licenses that are entered via the DriveLock Management Console (DMC) in a policy and uploaded to the server are automatically entered in the license list and the license policy in the DOC. You still need to activate the modules in policies, see Best practice for licensing.
A DriveLock license includes the modules purchased (e.g. Device Control, Application Control, each including a quantity).
To ensure that a DriveLock module works correctly, the licence for it must be entered in a policy and you must activate the module. The DriveLock license is issued as a file or a license key (both types of licence are equally valid).
Once you have performed the basic DriveLock installation, DriveLock policies distribute the licenses to the agents and DES verifies them. The license status is displayed in the DriveLock Operations Center (DOC).
The total number of licenses required is determined based on agent feedback. You will be alerted if you do not have enough licenses. User licenses are counted separately on terminal servers. In Security Awareness, the number of licenses is determined by the users running campaigns.
The following modules are currently available:
|
Main module |
Combination module |
Functionality |
|---|---|---|
|
Device Control |
Drive and Device Control |
|
|
Device Control |
Encryption-2-Go |
|
|
Device Control |
BitLocker To Go |
Control and encrypt external media with BitLocker To Go |
|
BitLocker Management |
Management of Microsoft BitLocker functionality |
|
|
BitLocker Management |
DriveLock PBA for BitLocker |
|
|
Application Control |
Control of applications with the help of whitelists or blacklists |
|
|
Application Control |
Application Behavior Control |
Control of application behavior (included in the Application Control module, but separately configurable) |
|
Disk Protection |
||
|
File Protection |
|
Encryption of files and folders |
|
Security Awareness |
|
Integration of security awareness campaigns with interactive training, learning content and videos |
|
Defender Management |
|
Integration and management of Microsoft Defender functionality |
|
Vulnerability Management |
|
Risk-based identification of vulnerabilities |
|
Security Configuration Management |
|
Security management using the native security settings |
The licenses for Disk Protection and BitLocker Management cannot be active at the same time. If you want to use Disk Protection and BitLocker at the same time, please make sure to enter the respective licenses in separate policies. The policy assignments must be set up so that a client only receives one of the two licenses through the policies.
As of version 2023.1, the functionality of the Risk & Compliance (EDR) module is largely part of the DriveLock Zero Trust Platform. To use MITRE Attack rules, you will now need a license for Application Control.