10.0 Policy Enforcement Workflow

After a policy is assigned to a device, the policy enforcement workflow on the device depends on the device type (standard or self-encrypting):

WARNING:When applying a full disk encryption policy, ensure that the encryption process is not interrupted prematurely with a power change on the disk drive(s); otherwise, all data on the disk can be lost due to disk corruption. You can check the encryption status on the device by accessing Full Disk Encryption > About in the ZENworks Adaptive Agent.

Disk corruption due to power change has only been noted on secondary drives, but it may also be applicable to primary drives. For this reason, the following precautions are strongly recommended before applying a full disk encryption policy to a device:

  • If possible, select the AES algorithm when configuring the full disk encryption policy.

    Selecting the AES algorithm should preclude disk corruption from occurring in the event of a power-down during encryption. However, the additional precautions are best practices that will reduce the risk of possible disk corruption.

  • Pre-configure devices receiving the policy so that power options are set to never automatically shut off, hibernate, or sleep.

  • Inform all device users of the need to keep their devices running during the encryption process, to include avoiding Sleep and Hibernation options.