New features This release of the product includes these new features. Use of Trusted Platform Module (TPM) for automatic booting This release provides support for TPM 2.0 that allows users to preserve the end user experience on Windows 8 systems that have TPM 2.0 onboard. Hardening against cold-boot attacks Windows 8 tablets, and systems that support Connected Standby, increase the possibility of a cold-boot attack as the system never shuts down but remains in a standby mode. This release hardens systems against cold-boot attacks by making sure that the key is not kept in memory when the system is locked, or in the connected standby state. Additionally, it can also remove the key from memory when the user logs off. All connected standby functionality works as expected. User management through User Directory EEPC 5.x.x users who were manually created in the Endpoint Encryption Manager (and not a part of Active Directory or another LDAP Server) can now be managed by the User Directory. This is a new functionality introduced in both McAfee ePO and Drive Encryption that removes the dependency on Active Directory. Legacy customers can migrate their existing users to User Directory. Large number of users You can now accommodate large number of users in pre-boot. The maximum number of users that you can now accommodate is 5000 to the previous 250. However, McAfee recommends minimizing the number of users assigned for better performance. Smartphone recovery Users can now recover their passwords by using their companion device like mobile or tablet. Users should install the McAfee Endpoint Assistant 1.0 application on their smartphones, register the system with the smartphone, then scan the Quick Response (QR) code in order to recover their password. Users can download this free application from Google Play for Android supported smartphones or Apple Appstore for iOS supported smartphones. Note: McAfee recommends the users to perform smartphone recovery over administrator and self recoveries for a quicker and better experience. Support for additional tokens This release provides support for SafeNet iKey 2032 and Monet+ tokens. For more information about these tokens, see these KnowledgeBase articles KB76589, KB79787, and KB79788. FIPS certification McAfee Core Cryptographic Module (MCCM) is undergoing certification for Federal Information Processing Standards (FIPS) 140-2, and these cryptographic modules are included in Drive Encryption 7.1. The current status of this certification is available on the National Institute of Standards and Technology (NIST) website. Support for Single-Sign-On (SSO) from hibernate The client system will now SSO from hibernate if the user who authenticates from system resume was the one who hibernated the system. However, if the user who authenticates the system resume was not the one who hibernated the system, the user will see the Windows logon screen to authenticate. For more information, see these KnowledgeBase articles KB77144, KB76110, and KB76591. OS Refresh Users can perform a major OS upgrade/refresh of the system's Windows operating system that is encrypted with Drive Encryption 7.1 or previous versions. This process will retain the encryption status for the entire process. For more information, see this KnowledgeBase article KB60832.