McAfee Drive Encryption out-of-band management Out-of-band management allows the administrator to connect to a computer's management controller when the computer is turned off, in sleep or hibernate mode, or unresponsive through the operating system. Intel® Active Management Technology (Intel® AMT) is a hardware-based technology for remotely managing and securing Intel® AMT systems using out-of-band communication. Part of the Intel® Management Engine, which is built into systems with Intel® vPro technology, Intel® AMT allows network administrators to maintain, manage, and protect the Intel® AMT client systems through hardware-assisted security and manageability capabilities. The DEDeep extension, available with Drive Encryption and the McAfee ePO Deep Command product, uses Intel® AMT to allow out-of-band encryption management of Intel® AMT systems, locked at the Drive Encryption Pre-Boot screen. The DEDeep extension The Intel® AMT out-of-band feature provides system actions that include Out Of Band - Remediation, Out Of Band - Unlock PBA, and Out Of Band - User Management. Enable the out-of-band feature Using McAfee ePO, you can enable the Drive Encryption out-of-band management features through policies, then perform actions on Intel® AMT provisioned client systems. To enable the configured out-of-band settings, you must enable the Product Settings Policy Out-of-Band → Enable at PBA. Configure the out-of-band remediation functionalityUsing McAfee ePO, you can select a managed system and perform an emergency restart or restore the MBR (assuming that the managed system is connected to a network) by remotely forcing a reboot of the system from a specialist disk image. Configure the out-of-band unlock PBA featureYou can remotely unlock the PBA of Intel® AMT configured/provisioned client systems, so that they can automatically boot and bypass PBA. This feature enables patching processes or security update deployment in your organization on unattended encrypted machines. Configure the out-of-band management featureUsing McAfee ePO, you can remotely reset the password of a user of an encrypted system while it is in the Pre-Boot environment. The user can then log on through Pre-Boot using their new password, and is forced to change the password immediately. Checklist for using Intel® AMT and Drive Encryption The Intel® AMT out-of-band feature within Drive Encryption 7.2.0 provides system actions that include Out Of Band - Remediation, Out Of Band - Unlock PBA, and Out Of Band - User Management.