Configuring Full Disk Encryption Rules Parent topic

The following procedure explains the configurable options for policy rules affecting Full Disk Encryption devices.
Note
Note
Encryption Management for Microsoft BitLocker and Encryption Management for Apple FileVault do not require authentication and are not affected by authentication policies. Client, login, password, and authentication policies, or allowing the user to uninstall the Endpoint Encryption agent software only affects the Full Disk Encryption and File Encryption agents.

Procedure

  1. Create a new Endpoint Encryption policy.
    See Creating a Policy.
  2. Click Full Disk Encryption.
    The Full Disk Encryption policy rules settings appear.
    fde_policies_tmcm.png

    Full Disk Encryption Policy Rules

  3. Under Encryption, select Encrypt device to start full disk encryption when the Endpoint Encryption agent synchronizes policies with PolicyServer.
    WARNING
    WARNING
    Do not deploy encryption to Full Disk Encryption agents without first preparing the endpoint's hard drive.
  4. Under Agent Settings, select the following options:
    • Select Bypass Full Disk Encryption Preboot to allow the user to authenticate directly into Windows without protection from preboot authentication.
    • Select Users are allowed to access system recovery utilities on the device to allow the user to access the Recovery Console.
  5. Under Notifications, configure the following options:
    • Select If found, display the following message on the device to show a message when the If Found policy is active.
    • Select Display Technical Support contact information to show a message after the user logs on to the Full Disk Encryption agent.
    • Select Show a legal notice to show the specific legal message at start up or only after installing the Full Disk Encryption agent.