Manualshelf

Administrator Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Enterprise
21222324252627282930
10. Enter a description of the changes in the Comment box and click Commit Policies.
11. To see the policy setting on the local computer after the Dell Server sends the policy, in the Policies pane of Dell Encryption
Enterprise Preferences, click Refresh.
Encryption Process
The encryption process varies depending on the state of the boot volume when encryption is enabled.
NOTE:
To maintain the integrity of user data, the client software does not begin encrypting a volume until the verification process
is successful on that volume. If a volume fails verification, the client software notifies the user and reports the failure in Dell
Data Protection Preferences. If you need to repair a volume, follow the instructions in Apple Support article HT1782 (http://
support.apple.com/kb/HT1782). The client software re-attempts verification on the next computer restart.
Select one of these:
FileVault encryption of an unencrypted volume
Assume Management of an Existing FileVault-Encrypted Volume
FileVault Encryption of an Unencrypted Volume
With FileVault encryption, an additional unnamed user displays in the PBA. Do not delete this user as it allows the Dell Server to
enforce policy on the device. If the PBA user is removed, the user will need to take action to begin policy-mandated decrypts.
1. After installation and activation, you must log into the account you want to boot from after FileVault encryption is active.
2. Wait for validation of the drive and verification of the volume to complete.
3. Enter the password for the account.
NOTE:
If you allow this dialog to time out, you must reboot or log in for the password dialog to display again.
4. Click OK.
5. Be sure that each user has a secure token. See https://www.dell.com/support/article/us/en/19/sln309192/mobile-users-
unable-to-activate-dell-encryption-enterprise-for-mac-on-macos-high-sierra?lang=en.
If the account the user was logged into is a non-mobile network account, a dialog displays. After the boot drive is encrypted,
the drive can be booted only by the user who was logged in during FileVault initialization.
This account must be a local or network mobile account. To change non-mobile network accounts to mobile accounts, go to
System Preferences > Users and Groups. Do one of the following:
Make the account a mobile account.
OR
Log into a local account and initialize FileVault from that location.
6. Click OK.
7. After encryption preparation is complete, restart the computer.
NOTE:
Depending on the User Experience policies set in the Management Console, the client software may prompt the user to
restart the computer.
8. After the computer restarts, it must be connected to the network for the client software to escrow recovery information to
the Dell Server.
The client software can begin and complete the encryption process, as well as report encryption status to the Management
Console, all before user login. This allows you to enforce compliance across all Mac computers without requiring user
interaction.
Tasks for the Encryption Client
21