This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Surface Pro + Safeguard 8 - Missing or Invalid POA etc.

We are in the process of upgrading our Surface Pro fleet to v8 of SGN. The reason we have done this is because we have seen an issue with these devices where there is no recovery key in the Safeguard console, it just isn't there. v8 was supposed to fix that...

Well turns out, we have had two machines in the past week, one fresh re-image with v8 and one upgrade to v8, once again not have a recovery key in the console. It isn't all of our Surface Pros afaik, but it is enough to give us pause and reconsider if we should be using Safeguard on these devices. 

Is anyone else having this issue? We are opening a ticket with support, but I wanted to see if anyone else has experienced this.



This thread was automatically locked due to age.
Parents
  • I think the issue you're seeing is that newer Surfaces are hardware encrypted, and as such are already encrypted out of the box. It would be easy to check the state of the client locally and see that it's encrypted - not perhaps realising that the recovery key isn't available on the console. 

     

    I do have many Surfaces here though and they're all working well. The client is installed and reporting back to the console with the recovery key available. I'm also using V8.

     

    We do disable PIN on these devices (although newer Surfaces do support pre-boot PIN entry now) and they're running the same config as others.

     

    I would recommend a reboot on each affected client, then a manual sync and then see what appears in the console. You may also find that the console has no inventory for these clients either - a classic sign of the client not reporting back to the server. 

     

    Keep me updated - Surfaces are and probably will continue to be a large part of my estate!

     

    All the best

Reply
  • I think the issue you're seeing is that newer Surfaces are hardware encrypted, and as such are already encrypted out of the box. It would be easy to check the state of the client locally and see that it's encrypted - not perhaps realising that the recovery key isn't available on the console. 

     

    I do have many Surfaces here though and they're all working well. The client is installed and reporting back to the console with the recovery key available. I'm also using V8.

     

    We do disable PIN on these devices (although newer Surfaces do support pre-boot PIN entry now) and they're running the same config as others.

     

    I would recommend a reboot on each affected client, then a manual sync and then see what appears in the console. You may also find that the console has no inventory for these clients either - a classic sign of the client not reporting back to the server. 

     

    Keep me updated - Surfaces are and probably will continue to be a large part of my estate!

     

    All the best

Children