The Disk Encryption policy lets you configure both full disk encryption and pre-boot authentication for a device.
When applied to a device with a standard hard disk, the Disk Encryption policy can provide both full disk encryption and pre-boot authentication. When applied to a device with a self-encrypting hard disk, the full disk encryption settings are ignored and only the pre-boot authentication is enforced.
Watch the following videos to see how to create a Disk Encryption policy and deploy it to devices:
The following sections explain how to create a new Disk Encryption policy by using the Create New Policy Wizard.
Section 7.2, Configure Disk Encryption - Volumes, Algorithm, and Emergency Recovery
Section 7.3, Configure Disk Encryption - Admin Password and Encryption Initialization
Section 7.4, Configure Pre-Boot Authentication - Authentication Methods
Section 7.5, Configure Pre-Boot Authentication - Reboot and Lockout
Section 7.6, Configure Pre-Boot Authentication - Hardware Compatibility
In addition to using the wizard, you can create policies by:
Copying an existing Disk Encryption policy. All original system requirements, details, and settings are copied to the new policy. You can then make any desired modifications to the new policy. See Section 14.2, Copying a Policy.
Creating a Sandbox version of an existing Disk Encryption policy and then publishing it as a new policy. For information, see Section 13.2, Publishing a Sandbox Version.