Configuring Full Disk Encryption Rules

The following procedure explains the configurable options for policy rules affecting Full Disk Encryption devices.

Note:

Encryption Management for Apple FileVault and Encryption Management for Microsoft BitLocker do not require authentication and are not affected by authentication policies. Client, login, password, and authentication policies, or allowing the user to uninstall the Endpoint Encryption agent software only affects the Full Disk Encryption and File Encryption agents.

Create a new Endpoint Encryption policy.
See Creating a Policy.
Click Full Disk Encryption.
The Full Disk Encryption policy rules settings appear.

Figure 1. Full Disk Encryption Policy Rules
Under Encryption, select Encrypt device to start full disk encryption when the Endpoint Encryption agent synchronizes policies with PolicyServer.
Warning:
Do not deploy encryption to Full Disk Encryption agents without first preparing the endpoint's hard drive.

For information about preparing the hard drive, see Full Disk Encryption Deployment Outline in the Endpoint Encryption Installation Guide.
Under Agent Settings, select the following options:
- Select Bypass Full Disk Encryption Preboot to allow the user to authenticate directly into Windows without protection from preboot authentication.
- Select Users are allowed to access system recovery utilities on the device to allow the user to access the Recovery Console.
  
  For information about configurable options and available tools in Full Disk Encryption, see Recovery Console.
Under Notifications, configure the following options:
- Select If found, display the following message on the device to show a message when the If Found policy is active.
- Select Display Technical Support contact information to show a message after the user logs on to the Full Disk Encryption agent.
- Select Show a legal notice to show the specific legal message at start up or only after installing the Full Disk Encryption agent.