Users Guide

● On some computers, Microsoft KB4015219 may fail to install. [DDPC-5789]

Preboot Authentication v8.13

● Amended 8/2017 - Preboot Authentication fails with some docking stations and adapters. For a list of docking stations and

adapters that are supported with PBA, see www.dell.com/support/article/us/en/19/sln296720/. [DDPC-2693, DDPC-6228]

SED Client v8.13

● Amended 7/2017 - Configuration of self-encrypting drives for Dell’s SED management differ between NVMe and non-NVMe

(SATA) drives, as follows.

○ Any NVMe drive that is being leveraged as an SED – The BIOS’ SATA operation must be set to RAID ON, as Dell’s SED

management does not support AHCI on NVMe drives.

○ Any NVMe drive that is being leveraged as an SED – The BIOS's boot mode must be UEFI and Legacy option ROMs must

be disabled.

○ Any non-NVMe drive that is being leveraged as an SED – The BIOS’ SATA operation must be set to AHCI, as Dell’s SED

management does not support RAID with non-NVMe drives.

￭ RAID ON is not supported because access to read and write RAID-related data (at a sector that is not available on a

locked non-NVMe drive) is not accessible at start-up, and cannot wait to read this data until after the user is logged

on.

￭ The operating system will crash when switched from RAID ON > AHCI if the AHCI controller drivers are not pre-

installed. For instructions on how to switch from RAID > AHCI (or vice versa), see http://www.dell.com/support/

article/us/en/19/SLN306460.

Supported OPAL compliant SEDs require updated Intel Rapid Storage Technology Drivers, located at http://www.dell.com/

support/home/us/en/04/product-support/product/dell-data-protection-encryption/drivers.

Dell recommends Intel Rapid Storage Technology Driver version 15.2.0.0 or later, with NVMe drives.

[DDPC-5941, DDPC-6219]

BitLocker Manager

● The top part of the option "Use a password to unlock the drive" is cut off in the BitLocker Drive Encryption dialog.

[DDPC-5728]

● Added 8/2017 - Due to changes to Microsoft validation profiles level (PCRs), BitLocker Manager might not begin encrypting

on Windows 10. To correct this issue, obtain and apply the Enterprise Server v9.7 update that corrects this issue or upgrade

to Security Management Server v9.8. For more information about the v9.7 update, see http://www.dell.com/support/

article/us/en/19/sln305948/. [DDPC-5790]

New Features and Functionality v8.12

● Secure Lifecycle now offers the following:

○ Audit events logs can now be exported from the Dell Server to SIEM.

○ Protected Office Mode now protects macro-enabled Office documents (.docm, .pptm, .xlsm).

○ File sharing is improved with introduction of the Full Access List, which replaces the Whitelist and Graylist, in the Dell

Server Remote Management Console.

○ Internal users now auto-activate after installation.

○ When Office documents or macro-enabled documents are created on an Android or iOS client that is not connected to

the Dell Server, keys are generated offline and then uploaded to the Dell Server the next time the device is online.

○ New geofencing policies for Android and iOS clients allow administrators to restrict protected Office document and .xen

file access to a specified region. Regions currently include the United States and Canada.

● Added 4/2017 - The Encryption client is now supported with Windows Server 2016 - Standard Edition, Essentials Edition, and

Datacenter Edition.

● Added 4/2017 - BitLocker Manager is now supported with Server 2012 and Server 2012 R2 - Standard Edition and Enterprise

Edition (64-bit).

Technical Advisories