
Turn off startup authentication

I have a few devices in my network asking for startup authentication passwords even though I have turned "startup authentication" OFF in the policy.

I created a new policy and added these devices but they are still asking for the startup password.

I checked the Endpoint agent, navigated to Endpoint Self Help, and saw that the last time the policy was received was the date of the new policy's creation.

Then I launched the Sophos Diagnostics Utility and collected data.

I restarted the device encryption service and restarted the computer.

No difference

When I check the TPM management console, it says "compatible TPM can not be found".
Then I read this article:

https://support.sophos.com/support/s/article/KB-000036611?language=en_US&utm_campaign=Encryption&utm_medium=EndpointSelfHelp&utm_source=Product

The idea I got is that when a device does not have a TPM, the authentication falls back to the next level, which is the startup password.

I would appreciate it if someone can help/clarify.

Thank you :)



  • Hi pasindu,

    Thanks for reaching out to the Sophos Community Forum. 

    If you are enabling BitLocker on a device that does not have a (compatible) TPM chip, you will need to have some other method of verifying that you are permitted access to the encrypted contents of the drive. 

    Based on the table on the following page, Power On Authentication will be necessary in your situation. 
    - Device Encryption system compatibility

    If you are managing BitLocker locally through GPOs, it may also be possible for you to use a USB key to act as the "TPM chip" on Windows 10; however, the support for this is limited if you choose to go that route instead of using POA.

    Kushal Lakhan
    Team Lead, Global Community Support
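
A read-only check an administrator could run on an affected device to confirm the situation the reply describes. This is an added example, not part of the thread and not Sophos tooling. It uses the built-in Windows cmdlets `Get-Tpm` and `Get-BitLockerVolume`; the function name `Get-StartupAuthReport` is hypothetical, and the registry path is the standard Windows BitLocker Group Policy location (the thread does not say whether the Sophos policy writes to it).

```powershell
# Added example: report why a device asks for a password at startup.
# Run in an elevated PowerShell session on the affected Windows device.
function Get-StartupAuthReport {
    param([string]$MountPoint = $env:SystemDrive)

    # Get-Tpm errors out or reports TpmPresent = $false when no usable TPM exists.
    $tpm = try { Get-Tpm -ErrorAction Stop } catch { $null }
    $tpmUsable = [bool]($tpm -and $tpm.TpmPresent -and $tpm.TpmReady)

    # Key protectors that are actually configured on the OS volume.
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # Windows policy "Require additional authentication at startup":
    # EnableBDEWithNoTPM = 1 allows BitLocker on devices without a compatible TPM.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
                            -ErrorAction SilentlyContinue
    $allowNoTpm = [bool]($fve -and $fve.EnableBDEWithNoTPM -eq 1)

    # Interpret the combination of TPM state and protectors.
    $reason =
        if (-not $tpmUsable -and $types -contains 'Password') {
            'No usable TPM: the volume is unlocked by a startup password protector.'
        } elseif (-not $tpmUsable -and $types -contains 'ExternalKey') {
            'No usable TPM: an external (USB) key protector is present.'
        } elseif ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey') {
            'TPM present, but a TPM+PIN protector is configured.'
        } elseif ($tpmUsable -and $types -contains 'Tpm') {
            'TPM-only protector: no startup prompt is expected.'
        } else {
            'Combination not covered by this check; review the protector list.'
        }

    [pscustomobject]@{
        MountPoint        = $MountPoint
        TpmPresent        = [bool]($tpm -and $tpm.TpmPresent)
        TpmReady          = [bool]($tpm -and $tpm.TpmReady)
        VolumeStatus      = $vol.VolumeStatus
        ProtectionStatus  = $vol.ProtectionStatus
        KeyProtectorTypes = $types -join ', '
        PolicyAllowsNoTpm = $allowNoTpm
        Reason            = $reason
    }
}

Get-StartupAuthReport | Format-List
```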