How offline activation works

To activate Drive Encryption on a system that has no network connectivity or no connection to McAfee ePO, you can create an offline activation package on the McAfee ePO server and later distribute it to the required client system. This package contains the initial set of policies and a list of offline users.

Once the Drive Encryption software is installed successfully using the MSI packages (Agent and PC packages), you must run the offline activation tool to apply and enforce your selected policies and to add user accounts. When the system is active, encryption commences. If autoboot is not enabled, you might be required to authenticate on the Pre-Boot Authentication page using the offline user account specified as part of the offline install.

Note: These offline users are not part of the Active Directory.

During the activation process, the disk encryption key is written to a user-specified location in an encrypted form. This key is useful in recovery scenarios where the disk encryption key is manually sent to the McAfee ePO server for decryption.

To check the requirements and compatibility of the client system, you must install DEGO 7.2.0 or above on the client system. For more information, see Requirements testing for client systems.

Note: DEGO can't communicate the results to McAfee ePO; however, the logging can be used to determine any compatibility issues before offline activation.

What happens when an offline activated system connects to McAfee ePO

Assuming that the offline activation was performed for provisioning purposes, the system connects to McAfee ePO. Upon successful communication with McAfee ePO, the client moves into an online mode. Online mode is a normal connection between the McAfee Agent and McAfee ePO. The client discards the offline policy that was enforced at activation. In its place, it receives the real policy from McAfee ePO and the list of assigned users as in a normal activation, and saves its encryption key in McAfee ePO. You could view this as a second, but automatic, activation.