
The Screen POA does not appear before proceeding with encryption.

- I installed Sophos SafeGuard Encryption version 8.10.
- In SafeGuard Management Server, I configured two policies:
* Device encryption.
* BitLocker POA: for the authentication of the BIOS when the computer starts.
- The client deployment has succeeded:
* After the first reboot, the PC starts to encrypt the disk, without displaying the POA screen for configuring the password.

Problem:
* The POA screen does not appear before proceeding with encryption.
* For some PCs, the POA screen appears; however, all the PCs are of the same range and the same manufacturer:
- The OS of the machines having the problem: Windows 10 Pro.
- Model of the device having the problem: Lenovo V410z All-In-One desktop PC / i5 7th generation.
- Version of SafeGuard: Sophos SafeGuard 8.10.
- The POA option is ENABLED in the Specific Machine Setting Policy.
- On BitLocker Options: BitLocker logon mode for boot volumes is set to TPM+PIN.



  • Hi - This is correct and by design. Windows 10 will use BitLocker only - not Sophos encryption. SafeGuard will help manage this, but there's no "POA" Window you'd see in earlier versions of Windows. The user must login with the Sophos credential provider (or compatible smart key/biometrics).

    Are you wanting to set a PIN for the device and are you not seeing this prompt?

     

  • Hi Michael,

    Thank you for your reply.

    But the screen appears on some PCs and does not appear on other PCs, despite the fact that all PCs are the same range, manufacturer, performance and OS.

  • Can you include a screenshot/photo of what you're experiencing?

  • Thank you,

    I don't have a screen for my experience because I need all PCs or laptops to authenticate at startup and ask me for a password, not a PIN (I don't want a PIN).

    I need this screen to insert password on all PC.

  • If you want PASSWORD and NOT PIN, then you'll need to adjust the safeguard authentication policy and also disable TPM in the BIOS. 

    This will then use the "fallback" of password rather than TPM and PIN. BitLocker will want to use TPM if it's present so it'll be best to disable and hide (if possible) in the BIOS.

    This will limit your OS choice too, as earlier versions of Windows only supported BitLocker WITH TPM, not an issue though if you've got Win10 throughout.

    So modify policy - Set fallback to be password for Boot Volumes. This will then prompt (like you've screenshotted) for a password and not a PIN, and you'll get the blue screen like you displayed for the password request after POST.
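
A read-only check for comparing a PC that shows the pre-boot prompt with one that does not. It is an added example, not part of any reply in this thread and not Sophos tooling; the function name `Get-PreBootLogonMode` is hypothetical, and it relies only on the Windows built-in `Get-Tpm` and `Get-BitLockerVolume` cmdlets, run from an elevated PowerShell session.

```powershell
# Added diagnostic example (not from the thread). Read-only: it changes nothing.
# Run elevated on each client and compare the output between machines.
function Get-PreBootLogonMode {
    param([string]$MountPoint = $env:SystemDrive)

    # Get-Tpm can throw when the TPM is disabled or hidden in firmware,
    # so treat an error the same as "no usable TPM".
    try   { $tpm = Get-Tpm -ErrorAction Stop }
    catch { $tpm = $null }

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # Map the key protectors on the boot volume to what the user sees after POST.
    if     ($types -contains 'TpmPin')   { $prompt = 'PIN (TPM+PIN protector)' }
    elseif ($types -contains 'Password') { $prompt = 'Password (fallback, no TPM protector)' }
    elseif ($types -contains 'Tpm')      { $prompt = 'None (TPM-only, unlocks without a prompt)' }
    elseif ($types.Count -eq 0)          { $prompt = 'None yet (no key protector on the volume)' }
    else                                 { $prompt = 'Other (see KeyProtectors)' }

    # A TPM that is present but not ready is a common reason for identical
    # hardware to behave differently under the same policy.
    $tpmState = if (-not $tpm -or -not $tpm.TpmPresent) { 'Absent or disabled in firmware' }
                elseif (-not $tpm.TpmReady)             { 'Present but not ready' }
                else                                    { 'Present and ready' }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        MountPoint       = $vol.MountPoint
        TpmState         = $tpmState
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        EncryptedPercent = $vol.EncryptionPercentage
        KeyProtectors    = ($types -join ', ')
        ExpectedPrompt   = $prompt
    }
}

Get-PreBootLogonMode | Format-List
```

If two otherwise identical machines report a different `TpmState` or `KeyProtectors` value, compare their firmware TPM settings before looking at the SafeGuard policy.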

     
