The following table explains the policy limitations for Encryption Management for Apple FileVault and Encryption Management for Microsoft BitLocker. To use all policies, install the Full Disk Encryption agent instead.
-
Encryption Management for Microsoft BitLocker does not require authentication and is not affected by authentication policies. Client, login, password, and authentication policies, or allowing the user to uninstall the Endpoint Encryption agent software only affects the Full Disk Encryption and File Encryption agents.
-
Encryption Management for Apple FileVault does not require authentication for endpoints with hard drives not using APFS (Apple File System). However, for endpoints running Mac OS High Sierra (10.13) with SSDs using APFS, Encryption Management for Apple FileVault prompts for the user's password when the Encrypt Device policy is later updated to to No.
The following table explains the policies affecting each agent. Use it to understand the policy limitations of third-party agents.
|
Policy |
Full Disk Encryption |
Encryption Management for Apple FileVault |
Encryption Management for Microsoft BitLocker |
|---|---|---|---|
|
Allow User Recovery |
|
||
|
Allow User to Uninstall |
|
||
|
Encrypt Device |
|
|
|
|
Account Lockout Action |
|
||
|
Account Lockout Period |
|
||
|
Dead Man Switch |
|
||
|
Device Locked Action |
|
||
|
Device Killed Action |
|
|
|
|
Failed Login Attempted Allowed |
|
||
|
If Found |
|
||
|
Legal Notice |
|
|
|
|
Lock Device Time Delay |
|
||
|
Preboot Bypass |
|
||
|
Support Info |
|
||
|
Token Authentication |
|
||
|
Authentication Methods Allowed |
|
||
|
Sync Interval |
|
|
|
|
Allow User to Configure Wi-Fi |
|
||
|
Wi-Fi Settings Apply Wi-Fi settings (in Control Manager) |
|
||
|
Encrypt Only Used Space |
|
||
|
Select Encryption Key Size |
|
||
|
Logon Background Color Customize background color (in Control Manager) |
|
||
|
Logon Banner Customize banner (in Control Manager) |
|
