Encryption Management Agent Policy Limitations

The following table explains the policy limitations for Encryption Management for Apple FileVault and Encryption Management for Microsoft BitLocker. To use all policies, install the Full Disk Encryption agent instead.

Note:
  • Encryption Management for Microsoft BitLocker does not require authentication and is not affected by authentication policies. Client, login, password, and authentication policies, or allowing the user to uninstall the Endpoint Encryption agent software only affects the Full Disk Encryption and File Encryption agents.

  • Encryption Management for Apple FileVault does not require authentication for endpoints with hard drives not using APFS (Apple File System). However, for endpoints running Mac OS High Sierra (10.13) with SSDs using APFS, Encryption Management for Apple FileVault prompts for the user's password when the Encrypt Device policy is later updated to to No.

The following table explains the policies affecting each agent. Use it to understand the policy limitations of third-party agents.

Table 1. Policies Affecting Full Disk Encryption Agents

Policy

Full Disk Encryption

Encryption Management

for Apple FileVault

Encryption Management

for Microsoft BitLocker

Allow User Recovery

Allow User to Uninstall

Encrypt Device

Account Lockout Action

Account Lockout Period

Dead Man Switch

Device Locked Action

Device Killed Action

Failed Login Attempted Allowed

If Found

Legal Notice

Lock Device Time Delay

Preboot Bypass

Support Info

Token Authentication

Authentication Methods Allowed

Sync Interval

Allow User to Configure Wi-Fi

Wi-Fi Settings

Apply Wi-Fi settings (in Control Manager)

Encrypt Only Used Space

Select Encryption Key Size

Logon Background Color

Customize background color (in Control Manager)

Logon Banner

Customize banner (in Control Manager)