New features

McAfee Management of Native Encryption 4.1.0 includes these new features.

Support for latest Mac operating system

MNE 4.1.0 now supports the latest Mac operating system, Sierra 10.12.0.

Support for additional encryption algorithms (XTS mode)

MNE 4.1.0 supports the XTS-AES encryption algorithms that were added in Windows 10 version 1511 (November Update). XTS-AES provides additional protection against attacks that "rely on manipulating cipher text to cause predictable changes in plain text". MNE 4.1.0 allows XTS-AES algorithm types to be selected in the BitLocker policy.

The reporting capabilities within MNE are enhanced to allow the algorithm type to be queried for each system. Reports now show all encryption algorithms supported by BitLocker, including all hardware encryption algorithms that eDrive-compliant OPAL drives support.
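A local spot check of the same per-volume algorithm information, as an added example that is not part of MNE or of these release notes: it parses the Encryption Method field from manage-bde -status output and lists volumes that use neither XTS-AES nor hardware encryption. The sample text is constructed and assumes the English-locale output layout; the function names are illustrative.

```python
import re

# Constructed sample, in the layout of English-locale `manage-bde -status`.
SAMPLE = """\
Volume C: [OSDisk]
[OS Volume]
    Encryption Method:    XTS-AES 128
Volume D: [Data]
[Data Volume]
    Encryption Method:    AES 256
Volume E: [Archive]
[Data Volume]
    Encryption Method:    Hardware Encryption
Volume F: [Scratch]
[Data Volume]
    Encryption Method:    None
"""

def classify(method):
    """Map a BitLocker 'Encryption Method' string to a coarse category."""
    m = method.strip().lower()
    if m.startswith("xts-aes"):
        return "xts"            # XTS mode (Windows 10 version 1511 and later)
    if m.startswith("hardware encryption"):
        return "hardware"       # drive-side encryption (eDrive)
    if m.startswith("aes"):
        return "cbc"            # older AES-CBC, with or without diffuser
    if m in ("", "none"):
        return "unencrypted"
    return "unknown"            # unrecognised text: treat as needing review

def audit(status_text):
    """Return {volume: category} for each volume in the status text."""
    results, volume = {}, None
    for line in status_text.splitlines():
        head = re.match(r"Volume\s+(\S+)", line)
        if head:
            volume = head.group(1)
            continue
        field = re.match(r"\s*Encryption Method:\s*(.*)", line)
        if field and volume:
            results[volume] = classify(field.group(1))
    return results

def needs_followup(results):
    """Volumes that are neither XTS-AES nor hardware encrypted."""
    return sorted(v for v, k in results.items() if k not in ("xts", "hardware"))
```

On a real system, pass the captured output of manage-bde -status to audit() in place of SAMPLE.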

Permit the use of enhanced PINs (BitLocker)

The "Allow enhanced PINs for startup" policy setting enables the use of more complex personal identification numbers (PINs) at startup, which can include uppercase and lowercase letters, symbols, numbers, and spaces.

Once you enable this policy setting, all newly set BitLocker startup PINs will be enhanced PINs. Some client systems might not support enhanced PINs in the pre-boot environment. It is strongly recommended that all systems are checked for compatibility prior to activating this policy option.

End user postponement of activation (BitLocker)

MNE 4.0.0 introduced the ability for end users to postpone activation of BitLocker. This feature allows the end user to postpone the entry of credentials (PIN/Password) for a predefined time frame. At the end of this time period, the user is prompted again to enter credentials but may postpone again, and can do so repeatedly.

This feature is enhanced in MNE 4.1.0 to allow the Administrator to define a limit for the number of times a user is allowed to postpone activation. Once this limit is reached, the user will no longer be offered the option to defer activation.

WebAPI command for expiring keys

Many enterprises use internal or third-party helpdesk systems to provide recovery options for their user estate. Exposing a WebAPI command for expiring keys ensures that when a recovery action is invoked through the WebAPI, the recovery keys are marked as expired, which ensures key rotation on the next policy enforcement.

Dashboard and reports for activation failures

Rolling out and deploying software to endpoints can present challenges and introduce additional overhead. MNE 4.1.0 includes additional reporting and a new dashboard entry so that administrators can quickly and intuitively check whether there are any encryption (activation) failures within their estate and target these systems for follow-up action, where appropriate.