Disk Encryption Policy
You can create and deploy a Full Disk Encryption (FDE) policy just like any other MDM policy.
Procedure
- From the WebUI main screen, click Create Policy and on the top right corner, click
- From the list of policy types, select Disk Encryption.
- On the Disk Encryption Policy page, enter the required information.
  - Windows
    - If you select Windows for Operating System, provide the following information. You must configure whether to show a Client UI offer (if available) or to restart immediately.
    - Windows Disk Encryption Policy
      - Require Device Encryption: Select this to enforce disk encryption. This is selected by default.
      - Fixed Drives Require Encryption: This setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. If not encrypted, the fixed drives remain Read-Only.
      - Removable Drives Require Encryption: This setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. If not encrypted, the removable drives remain Read-Only.
      - System Drives Recovery Message: This setting lets you configure the entire recovery message or replace the existing URL that are displayed on the pre-boot key recovery screen when the OS drive is locked.
      - Preboot Recovery Mode
        - Disabled
        - Default
        - Custom Message
        - Custom URL
        - Recovery Message: The recovery message that is displayed on the BitLocker recovery page.
        - Recovery URL
  - macOS
    - If you select macOS for Operating System, provide the following information:
    - MacOS Disk Encryption Policy
      - Recovery Key Output Path: Optional field. The path where the recovery key information is stored.
      - Recovery Key Escrow Location: Required field. The description of the location where the recovery key will be escrowed. This text is inserted into the message the user sees when enabling FileVault. Enter a message that tells the user where to get the recovery key. For example, support helpdesk.

      Note: Enabling full disk encryption on macOS devices disables auto-login. For more information, read the official Apple documentation at https://support.apple.com/en-us/HT201476 and https://support.apple.com/en-us/HT204837.
- Click Save.
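
To confirm on a Windows endpoint that the deployed policy has taken effect, the following added example (not part of the product or its documentation) maps each volume to the Windows setting that governs it and reports whether BitLocker protection is on. It assumes all three "require encryption" settings are selected in the policy, uses only the built-in `Get-BitLockerVolume` and `Get-Volume` cmdlets, and must be run from an elevated PowerShell session; the function name `Get-DiskEncryptionCompliance` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: per-volume check against the three Windows settings of the
# Disk Encryption policy. Assumes all three settings are selected in the policy.

function Get-DiskEncryptionCompliance {
    foreach ($blv in Get-BitLockerVolume) {
        # Skip volumes that have no drive letter (for example, recovery partitions).
        if ($blv.MountPoint -notmatch '^[A-Za-z]:') { continue }
        $letter    = $blv.MountPoint.Substring(0, 1)
        $driveType = (Get-Volume -DriveLetter $letter -ErrorAction SilentlyContinue).DriveType

        # Map the volume to the policy setting that applies to it.
        if ($blv.VolumeType -eq 'OperatingSystem') {
            $setting = 'Require Device Encryption'
        } elseif ($driveType -eq 'Removable') {
            $setting = 'Removable Drives Require Encryption'
        } else {
            $setting = 'Fixed Drives Require Encryption'
        }

        # Per the policy text, unprotected data drives remain read-only.
        $protected = ($blv.ProtectionStatus -eq 'On')
        if ($protected) {
            $effect = 'Compliant, writable'
        } elseif ($blv.VolumeType -eq 'OperatingSystem') {
            $effect = 'Non-compliant OS drive'
        } else {
            $effect = 'Read-only until encrypted'
        }

        [pscustomobject]@{
            MountPoint = $blv.MountPoint
            Setting    = $setting
            Status     = $blv.VolumeStatus          # e.g. FullyEncrypted, EncryptionInProgress
            Percent    = $blv.EncryptionPercentage
            Protected  = $protected
            Protectors = ($blv.KeyProtector.KeyProtectorType -join ', ')
            Effect     = $effect
        }
    }
}

$report = Get-DiskEncryptionCompliance
$report | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or management script flag the device.
if ($report | Where-Object { -not $_.Protected }) { exit 1 }
```

A volume that shows `EncryptionInProgress` with protection off is expected shortly after the policy is applied; rerun the check once encryption completes.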