Encryption options

Full Disk Encryption Mode

efde_policy_win efde_policy_macos Enable Encryption - This setting enables/disables the encryption on the device. If a policy with the Disabled setting is applied to an encrypted workstation, it will be decrypted.

efde_policy_win efde_policy_macos Time before user is reprompted to perform encryption setup action (hours) - The maximum value is 24 hours. Defines the interval in hours how often is user prompted to setup the encryption password on his workstation.

efde_policy_win Encrypt Options:

oEncrypt All Disks - Encrypts all physical disks on the workstation. External HDD and USB drives are not affected.

oEncrypt Boot Disk Only - Encrypts only the physical disk that is used as a current Windows boot drive.

efde_policy_win Disable FDE Authentication - This setting enables/ disables the pre-boot password authentication requirement for the workstation.

 

Trusted Platform Module Support

Policy setting

Supported on OS

Description

Use TPM

efde_policy_win

Enabling the use of TPM will initialize and take ownership of the Trusted Platform Module (TPM). It is your responsibility to ensure that the TPM is not being used by any other software, as this can result in data loss.

TPM Mode

efde_policy_win

Use TPM if possible - Encryption process will attempt to use TPM for the encryption. If the TPM version is not supported or TPM is not present, encryption will continue without TPM.

Must use TPM - Encryption requires TPM. If TPM is not present or it is running in an unsupported version, the encryption will fail to start.

 

OPAL Self-Encrypting Drive Support

Policy setting

Supported on OS

Description

Use Opal

efde_policy_win

If enabled, encryption will be performed with the use of OPAL encryption support. This is a hardware functionality of a disk.

Opal Mode

efde_policy_win

Use Opal if possible - Encryption process will attempt to use OPAL hardware encryption support for the encryption. If OPAL version is not supported or OPAL encryption support is not present, encryption will continue without OPAL.

Must use Opal - Encryption requires OPAL. If OPAL is not present or it is running in an unsupported version, the encryption will fail to start.