diff --git a/admin_manual/configuration_files/encryption_configuration.rst b/admin_manual/configuration_files/encryption_configuration.rst index 51ee58f84..c67b9d55e 100644 --- a/admin_manual/configuration_files/encryption_configuration.rst +++ b/admin_manual/configuration_files/encryption_configuration.rst 
@@ -2,35 +2,43 @@ Encryption Configuration ======================== -ownCloud includes a server-side encryption application. The Encryption app -encrypts all files stored on the ownCloud server, and all files on remote -storage that is connected to your ownCloud server. Encryption and decryption are -performed on the ownCloud server. All files sent to remote storage (for example -Dropbox and Google Drive) will be encrypted by the ownCloud server, and upon -retrieval, decrypted before serving them to you and anyone you have shared them -with. +In ownCloud 8.1 the Encryption app has been changed to the ownCloud Default +Encryption Module. It has a number of changes and improvements, including: -.. note:: Encrypting files increases their size by roughly 35%, so you must take - this into account when you are provisioning storage and setting storage - quotas. User's quotas are based on the unencrypted file size, and not the - encrypted file size. +* When encryption is enabled, all files are no longer encrypted at user's first + logins because this caused timeouts on large installations. Instead, only + files that are created or updated after encryption has been enabled are + encrypted. + +* The "decrypt all" option in the Personal settings has been removed, also for + performance reasons. + +* A new option for users to enable/disable encryption on a per mount-point + basis. + +The Default Encryption Module encrypts files stored on the ownCloud server, and +files on remote storage that is connected to your ownCloud server. Encryption +and decryption are performed on the ownCloud server. All files sent to remote +storage (for example Dropbox and Google Drive) will be encrypted by the ownCloud +server, and upon retrieval, decrypted before serving them to you and anyone you +have shared them with. + +.. note:: Encrypting files increases their size by roughly 35%, so you must + take this into account when you are provisioning storage and setting + storage quotas. 
User's quotas are based on the unencrypted file size, and + not the encrypted file size. When files on external storage are encrypted in ownCloud, you cannot share them directly from the external storage services, but only through ownCloud sharing because the key to decrypt the data never leaves the ownCloud server. -The main purpose of the Encryption app is to protect users' files on remote -storage, and to do it easily and seamlessly from within ownCloud. +The main purpose of the Default Encryption Module is to protect users' files on +remote storage, and to do it easily and seamlessly from within ownCloud. -The Encryption app generates a strong encryption key, which is unlocked by -user's passwords. So your users don't need to track an extra password, but -simply log in as they normally do. - -Encryption is applied server-wide; it cannot be applied to selected users or -files. - -The Encryption app encrypts only the contents of files, and not filenames and -folder structures. +The Default Encryption Module generates a strong encryption key, which is +unlocked by user's passwords. So your users don't need to track an extra +password, but simply log in as they normally do. It encrypts only the contents +of files, and not filenames and folder structures. You should regularly backup all encryption keys to prevent permanent data loss. The encryption keys are stored in following folders: 
@@ -54,101 +62,134 @@ The encryption keys are stored in following folders: it is better to use other encryption tools, such as file-level or whole-disk encryption. Read `How ownCloud uses encryption to protect your data - `_ - for more information. + `_ for more information. -Enabling the Encryption App ---------------------------- +Enabling the Default Encryption Module +-------------------------------------- -The Encryption app is bundled with ownCloud, so first go to your Apps page to -enable it. +The Default Encryption Module is bundled with ownCloud, so first go to your Apps +page to enable it. .. figure:: ../images/encryption1.png -After you click the ``Enable`` button you must log out, and then log back in. -If you continue to work without logging out, you'll see a yellow banner at -the top of your Files page that warns you "Encryption App is enabled but your -keys are not initialized, please log-out and log-in again." +Next, go to your ownCloud admin page. You will see a yellow banner that warns +you "Encryption is enabled but your keys are not initialized, please log-out and +log-in again", and the same warning in the **ownCloud basic encryption module** +section of your Admin page. .. figure:: ../images/encryption2.png -When you log out and then log back in, your encryption keys are initialized and -your files are encrypted. This is a one-time process, and it will take a few -minutes depending on how many files you have. - -.. note:: The more files you have, the longer the initial encryption will take. It is - better to activate the encryption app after a new ownCloud installation, to avoid - possible timeouts. +Don't log out yet, but go to the **Server-side encryption** section of your +Admin page and check **Enable server-side encryption**. There is also an option +to **Select default encryption module**, which is already selected because +currently there is just one. .. 
figure:: ../images/encryption3.png -When the encryption process is complete you'll be returned to your default -ownCloud page. Every user will go through this process when they log in after -you enable encryption, and each user will get unique encryption keys. Users can change -their passwords whenever they want on their Personal pages, and ownCloud will update -their encryption keys automatically. +Now you can log out and log back in to initialize your ownCloud server's +encryption keys. Sharing Encrypted Files ----------------------- -Only users who have private encryption keys have access to shared encrypted files and -folders. Users who have not yet created their private encryption keys will not have access -to encrypted shared files; they will see folders and filenames, but will not be able to -open or download the files. They will see a yellow warning banner that says "Encryption -App is enabled but your keys are not initialized, please log-out and log-in again." +Only users who have private encryption keys have access to shared encrypted +files and folders. Users who have not yet created their private encryption keys +will not have access to encrypted shared files; they will see folders and +filenames, but will not be able to open or download the files. They will see a +yellow warning banner that says "Encryption App is enabled but your keys are not +initialized, please log-out and log-in again." -Share owners may need to re-share files after encryption is enabled; users trying to -access the share will see a message advising them to ask the share owner to re-share the -file with them. For individual shares, un-share and re-share the file. For group shares, -share with any individuals who can't access the share. This updates the encryption, and -then the share owner can remove the individual shares. 
+Share owners may need to re-share files after encryption is enabled; users +trying to access the share will see a message advising them to ask the share +owner to re-share the file with them. For individual shares, un-share and +re-share the file. For group shares, share with any individuals who can't access +the share. This updates the encryption, and then the share owner can remove the +individual shares. .. figure:: ../images/encryption9.png -Decrypting Encrypted Files --------------------------- +Encrypting External Mountpoints +------------------------------- -You have the option of changing your mind and disabling the Encryption app. -Just click its Disable button on the Apps page, and when you go to your Files -page you'll see the yellow banner warning "Encryption was disabled but your -files are still encrypted. Please go to your personal settings to decrypt your -files". +You and your users can encrypt individual external mountpoints. You must have +external storage enabled on your Admin page, and enabled for your users (see +:doc:`external_storage_configuration_gui`). -.. figure:: ../images/encryption4.png +After setting up the external storage mountpoint, click the little gear icon at +the right to expose the encryption menu. Encryption is enabled by default. -Go to your Personal page and enter your password in the Encryption removal form, and your -files will all be decrypted. +.. figure:: ../images/encryption13.png -.. figure:: ../images/encryption5.png +To disable encryption, click the gear icon and un-check **encryption**. -Your users will also have to follow this step to decrypt their files. If -something goes wrong with decryption, click the ``Restore Encryption Keys`` -button to re-encrypt your files, and then review your logfile to see what -happened. 
+Enabling Users' File Recovery Key +--------------------------------- -Enabling a File Recovery Key ----------------------------- - -If you lose your ownCloud password, then you lose access to your encrypted files. If one -of your users loses their ownCloud password their files are unrecoverable. You cannot -reset their password in the normal way; you'll see a yellow banner warning "Please provide -an admin recovery password, otherwise all user data will be lost". +If you lose your ownCloud password, then you lose access to your encrypted +files. If one of your users loses their ownCloud password their files are +unrecoverable. You cannot reset their password in the normal way; you'll see a +yellow banner warning "Please provide an admin recovery password, otherwise all +user data will be lost". To avoid all this, create a Recovery Key. Go to the Encryption section of your Admin page and set a recovery key password. -.. figure:: ../images/encryption6.png +.. figure:: ../images/encryption10.png Then your users have the option of enabling password recovery on their Personal pages. If they do not do this, then the Recovery Key won't work for them. .. figure:: ../images/encryption7.png -For users who have enabled password recovery, give them a new password and recover access -to their encrypted files by supplying the Recovery Key on the Users page. +For users who have enabled password recovery, give them a new password and +recover access to their encrypted files by supplying the Recovery Key on the +Users page. .. figure:: ../images/encryption8.png +You may change your Recovery Key password. + +.. figure:: ../images/encryption12.png + +Or disable it. + +.. figure:: ../images/encryption11.png + +Disabling Encryption +-------------------- + +You have the option of changing your mind and disabling the Encryption app. +Just click its Disable button on the Apps page. 
+ +occ Encryption Commands +----------------------- + +You may also use the ``occ`` command to perform encryption operations. + +This is equivalent to checking **Enable server-side encryption** on your Admin +page:: + + occ encryption:enable + +This is equivalent to un-checking **Enable server-side encryption** on your +Admin page:: + + occ encryption:disable + +List the available encryption modules:: + + occ encryption:list-modules + +Select a different default Encryption module:: + + occ encryption:set-default-module [Module ID]. + +The [module ID] is taken from the ``encryption:list-modules`` command. + +See :doc:`../configuration_server/occ_command` for detailed instructions on +using ``occ``. + Files Not Encrypted ------------------- 
@@ -167,12 +208,13 @@ third-party storage providers are guaranteed to be encrypted. LDAP and Other External User Back-ends -------------------------------------- -If you use an external user back-end, such as an LDAP or Samba server, and you change a -user's password on the back-end, the user will be prompted to change their ownCloud login -to match on their next ownCloud login. The user will need both their old and new passwords -to do this. If you have enabled the Recovery Key then you can change a user's password in -the ownCloud Users panel to match their back-end password, and then, of course, notify the -user and give them their new password. +If you use an external user back-end, such as an LDAP or Samba server, and you +change a user's password on the back-end, the user will be prompted to change +their ownCloud login to match on their next ownCloud login. The user will need +both their old and new passwords to do this. If you have enabled the Recovery +Key then you can change a user's password in the ownCloud Users panel to match +their back-end password, and then, of course, notify the user and give them +their new password. .. This section commented out because there is no windows support .. in oC8; un-comment this if windows support is restored diff --git a/admin_manual/configuration_files/index.rst b/admin_manual/configuration_files/index.rst index 70833a0f7..a07840415 100644 --- a/admin_manual/configuration_files/index.rst +++ b/admin_manual/configuration_files/index.rst @@ -9,10 +9,10 @@ File Sharing and Management file_sharing_configuration.rst big_file_upload_configuration.rst collaborative_documents_configuration - default_files_configuration.rst - encryption_configuration.rst + default_files_configuration.rst external_storage_configuration_gui external_storage_configuration + encryption_configuration.rst files_locking_enabling.rst federated_cloud_sharing_configuration.rst previews_configuration 
diff --git a/admin_manual/images/encryption1.png b/admin_manual/images/encryption1.png index 254d5a2d5..4af2e51b3 100644 Binary files a/admin_manual/images/encryption1.png and b/admin_manual/images/encryption1.png differ diff --git a/admin_manual/images/encryption10.png b/admin_manual/images/encryption10.png new file mode 100644 index 000000000..535e28dcc Binary files /dev/null and b/admin_manual/images/encryption10.png differ diff --git a/admin_manual/images/encryption11.png b/admin_manual/images/encryption11.png new file mode 100644 index 000000000..45b978a8a Binary files /dev/null and b/admin_manual/images/encryption11.png differ diff --git a/admin_manual/images/encryption12.png b/admin_manual/images/encryption12.png new file mode 100644 index 000000000..b5bcf2d35 Binary files /dev/null and b/admin_manual/images/encryption12.png differ diff --git a/admin_manual/images/encryption13.png b/admin_manual/images/encryption13.png new file mode 100644 index 000000000..08ec8bfc5 Binary files /dev/null and b/admin_manual/images/encryption13.png differ diff --git a/admin_manual/images/encryption2.png b/admin_manual/images/encryption2.png index 73a0fdac8..9d7c0bf64 100644 Binary files a/admin_manual/images/encryption2.png and b/admin_manual/images/encryption2.png differ diff --git a/admin_manual/images/encryption3.png b/admin_manual/images/encryption3.png index 92616768d..38b541d6d 100644 Binary files a/admin_manual/images/encryption3.png and b/admin_manual/images/encryption3.png differ
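Review bot: the first bullet of the new "changes and improvements" list in the `@@ -2,35 +2,43 @@` hunk of encryption_configuration.rst leaves a security-relevant gap: it says only files created or updated after encryption is enabled are encrypted, but never states the consequence that everything already on the server, and on connected remote storage, stays unencrypted until it is rewritten, nor what an admin should do about that. Suggest a sentence directly after the bullet along the lines of "Files that existed before encryption was enabled remain unencrypted until they are modified", so a reader does not assume the old behaviour of encrypting everything at first login still applies. Two grammar points in the same hunk: "at user's first logins" should read "at users' first login", and "unlocked by user's passwords" should read "unlocked by users' passwords".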
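Review bot: in the `@@ -54,101 +62,134 @@` hunk, the new "Disabling Encryption" section drops the old decrypt-all instructions without saying what state files are left in, so an admin cannot tell from this text whether disabling leaves data encrypted and unreadable; since the first hunk says the "decrypt all" option was removed, state explicitly what happens to already-encrypted files after disabling, and refer to un-checking **Enable server-side encryption** (or ``occ encryption:disable``, which the occ section below calls its equivalent) rather than only the Disable button on the Apps page. Smaller points in the same hunk: the banner quoted under "Enabling the Default Encryption Module" reads "Encryption is enabled but your keys are not initialized..." while the reflowed "Sharing Encrypted Files" paragraph still quotes the old "Encryption App is enabled but your keys are not initialized..." wording, so one of the two is stale; the literal block ``occ encryption:set-default-module [Module ID].`` carries a trailing period that renders as part of the command, and the placeholder is "[Module ID]" in the command but "[module ID]" in the sentence that follows; "Encrypting External Mountpoints" should say that un-checking **encryption** for a mountpoint means files written there are stored in cleartext at the remote provider, since that is the trade-off the reader is choosing; and the recovery key section would benefit from one sentence that the recovery key password itself must be backed up and kept secret, because according to this text it unlocks the files of every user who opted in.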
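Review bot: the moved toctree entry in the index.rst hunk keeps the ``.rst`` suffix while its new neighbours ``external_storage_configuration_gui`` and ``external_storage_configuration`` have none; Sphinx accepts both forms, but since the line is being touched anyway it could be normalised to match. The new position itself is sensible, as the encryption page now cross-references :doc:`external_storage_configuration_gui` and reads better after the external storage pages.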