Installing and Deploying Full Disk Encryption
After a package that includes Full Disk Encryption is successfully installed on a client, many requirements must be met before the Full Disk Encryption policy can be enforced. Before these requirements are met, the Pre-boot does not open. The period of time between the installation and when the policy can be enforced is called the Full Disk Encryption Deployment Phase.
To move from Deployment phase to Full Disk Encryption policy enforcement, these requirements must be met:
-
There must be communication between the client and the server.
-
The client must receive Full Disk Encryption and user policies from the server.
-
Users must be acquired according to the configured policy.
-
At least one user account must be configured.
-
The client must send a recovery file to the server.
-
The required System Area must be created and boot records must be updated according to the configuration (this includes the activation of Pre-boot).
-
The device must have the Client requirements or Full Disk Encryption.
If there is communication between the client and server and the client meets the Client requirements, all of the requirements are completed automatically. However, if these requirements are not met, Full Disk Encryption cannot protect the computer and the Pre-boot cannot open.