Endpoint Encryption Device Policy Rules

The following table explains the security policy rules for lost or stolen Endpoint Encryption devices. Depending on the policy settings, too many consecutive unsuccessful authentication attempts on an Endpoint Encryption device delay the next authentication attempt, lock the Endpoint Encryption device, or erase all data controlled by the associated Endpoint Encryption agent.

Device Security Options

| Security Option | Description |
| --- | --- |
| Time delay | After exceeding the allowed number of failed authentication attempts, PolicyServer temporarily locks the Endpoint Encryption device and notifies the Endpoint Encryption user that the device is locked. The ability to authenticate or reset the password is disabled during the time delay. The duration of the time delay is determined by policy. Once the time delay has expired, the user is permitted to authenticate. Note: The Endpoint Encryption user may use Self Help or Remote Help authentication to avoid waiting for the time delay period to expire. |
| Remote authentication required | After exceeding the allowed number of failed authentication attempts, PolicyServer locks the Endpoint Encryption device until the Endpoint Encryption user contacts Technical Support for Remote Help authentication. Note: For more information, see Remote Help. |
| Erase the device | After exceeding the allowed number of failed authentication attempts, PolicyServer erases all data controlled by the associated Endpoint Encryption agent. For example, erasing a Full Disk Encryption device deletes all data from the endpoint, while erasing a File Encryption device deletes all files and folders in local or removable storage protected by the File Encryption agent. WARNING: The Endpoint Encryption user cannot recover the erased data. |