Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945

Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!

GPO for TPM and PIN

Hi.

 

Daft question of the hour.

i have setup a GPO that says use TPM and PIN so that hopefully our users have to put in a pin at boot that have Bitlocker, on Windows 10.

Should this apply to "all authenticated users" Or should it actually be against a mythical list of a"all computers" if there is a thing called all computers how can i select it.

  • I would personally apply it to a group to avoid applying it to devices that aren't compliant. 

    There is Authenticated Computers though - this is a catch all group if you're using a directory.

    Automatically when you apply a policy to the root it'll add both Authenticated Users and Authenticated Computers for you. You can then drag them out and drag in a group if needed?