Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 1 reply
  • Subscribers 6 subscribers
  • Views 1995 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SurfacePro 4 - Can we encrypt with Safeguard 8.1

StephanieGelder

Hi.

 

A couple of my colleagues have tried encryption Surface Pro 4's with safeguard treating them as Windows 10.

 

So getting them on AD then installing the Safeguard software.

Then installing our safeguard bit that tells safeguard about our particular safeguard server

 

So when you get the prompt for a pre boot key, instead of doing that it prompts asking to save a key onto a USB Device? Does anyone know why its doing this instead of encrypting it



This thread was automatically locked due to age.
Parents
  • +1

    Yes Steph - They work and encrypt fine, we have loads here.

    What you're probably experiencing is conflicting BL GPO's. The Surfaces are already encrypted devices out of the box, so as such they don't need Sophos to enable the encryption, but they will need Sophos to back up the recovery key.

    Somewhere in AD (this Surface is bound to AD isn't it?)  you'll have a conflicting policy that's allowing this Surface to manage it's own key - or it's not yet got the correct GPO telling it what to do with the key. 

    The Surface is a tablet, so make sure the GPO's set in AD support this - More info here...

    https://docs.sophos.com/esg/sgn/8-1/admin/en-us/esg/SafeGuard-Enterprise/concepts/BitlockerPrerequisites.html

    Also check that you haven't set the policy in SSG to startup-key, this will produce the prompt you're seeing too.

Reply
  • +1

    Yes Steph - They work and encrypt fine, we have loads here.

    What you're probably experiencing is conflicting BL GPO's. The Surfaces are already encrypted devices out of the box, so as such they don't need Sophos to enable the encryption, but they will need Sophos to back up the recovery key.

    Somewhere in AD (this Surface is bound to AD isn't it?)  you'll have a conflicting policy that's allowing this Surface to manage it's own key - or it's not yet got the correct GPO telling it what to do with the key. 

    The Surface is a tablet, so make sure the GPO's set in AD support this - More info here...

    https://docs.sophos.com/esg/sgn/8-1/admin/en-us/esg/SafeGuard-Enterprise/concepts/BitlockerPrerequisites.html

    Also check that you haven't set the policy in SSG to startup-key, this will produce the prompt you're seeing too.

Children
No Data
Unfiltered HTML