SurfacePro 4 - Can we encrypt with Safeguard 8.1

Question

Hi. 
 
 A couple of my colleagues have tried encryption Surface Pro 4's with safeguard treating them as Windows 10. 
 
 So getting them on AD then installing the Safeguard software. 
 Then installing our safeguard bit that tells safeguard about our particular safeguard server 
 
 So when you get the prompt for a pre boot key, instead of doing that it prompts asking to save a key onto a USB Device? Does anyone know why its doing this instead of encrypting it

MichaelMcLannahan · Accepted Answer

Yes Steph - They work and encrypt fine, we have loads here. 
 What you're probably experiencing is conflicting BL GPO's. The Surfaces are already encrypted devices out of the box, so as such they don't need Sophos to enable the encryption, but they will need Sophos to back up the recovery key. 
 Somewhere in AD (this Surface is bound to AD isn't it?) you'll have a conflicting policy that's allowing this Surface to manage it's own key - or it's not yet got the correct GPO telling it what to do with the key. 
 The Surface is a tablet, so make sure the GPO's set in AD support this - More info here... 
 https://docs.sophos.com/esg/sgn/8-1/admin/en-us/esg/SafeGuard-Enterprise/concepts/BitlockerPrerequisites.html 
 Also check that you haven't set the policy in SSG to startup-key, this will produce the prompt you're seeing too.