Installation prerequisites

Before installing MNE, or subsequently enabling BitLocker on a Windows client or FileVault on a Mac OS X client, ensure that the following relevant pre-requisites are satisfied.

Table 1: Prerequisite checklist
List Check
Ensure the target client system(s) meets the system requirements as detailed in KB79375. [ ]
Make sure the target client system(s) are running supported versions of Windows or Mac OS X. For more details, refer to this KnowledgeBase article: KB79375. [ ]
Before you can deploy MNE to a client system, it must be running a supported version of the McAfee Agent and McAfee ePO. For more details, refer to this KnowledgeBase article: KB79375. [ ]
Mac OS X client systems will also need to have a recovery partition available before they can be successfully encrypted. For more details, refer to this KnowledgeBase article: KB83473. [ ]
BitLocker systems need a system partition, in which case you may need to create the system partition before BitLocker can encrypt the drive. For more details, refer to this website: https://technet.microsoft.com/en-us/library/hh831507.aspx#BKMK_HSRequirements. [ ]
Ensure that Mac OS X client systems are not using Institutional Key as these are not currently supported. For more details, refer to this KnowledgeBase article: KB82774. [ ]
Ensure that client systems do not have other full-disk encryption products installed, such as McAfee Drive Encryption or other third party products. [ ]
For Mac OS X clients, it is possible for existing Endpoint Encryption for Mac (EEMac) customers to migrate to MNE. [ ]

For Windows clients, if you wish to use TPM protection, MNE supports TPM and TPM+PIN authentication. Password authentication is only available with Windows 8 and later.

Warning: Windows 7 BitLocker does not support password authentication, and consequently if a password authentication policy is applied to a BitLocker system that does not have TPM (or where the TPM has not been activated), BitLocker will fail to encrypt since there is no suitable authentication mechanism available.
[ ]
If a client is running Windows 7 and you wish to use TPM protection, TPM must be enabled prior to encrypting the hard drive with BitLocker. (TPM is enabled automatically on Windows 8 and later). Please refer to Microsoft documentation for information on how to enable TPM on Windows 7. (For example, see Technet article on "Enable and Use TPM Services") [ ]
For slates/tablets it may be necessary to enable the advanced GPO option in the MNE BitLocker policy to allow encryption on clients that report having no pre-boot input support. For more details, refer to the Product policies section. [ ]
If you enable the Use enhanced PIN if supported policy option, all new TPM and PIN protectors will use enhanced PINs. Some systems may not support enhanced PINs in the pre-boot environment, resulting in a BitLocker encryption failure. It is strongly recommended that you check your estate prior to enabling this feature. [ ]