Automatic network unlock

Automatic network unlock is a feature ideally suited for protecting servers. It can be used to automatically unlock fixed data volumes while they are on the corporate network and while server rules permit, and prevent unlock when not on the corporate network or when server rules deny access.

To enable network unlock, it's necessary to assign a suitable BitLocker product policy to the system (as described earlier in this guide), and also define access rules as discussed below.

When a Fixed volume is mounted, the MNE client software requests the unlock key from McAfee ePO. If a suitable access control rule has been provided, McAfee ePO will release the unlock key to the client, which will unlock the Fixed volume. If no suitable rule can be found, or the rule denies access, no key will be released by McAfee ePO and the Fixed volume will remain locked.

In this release, network unlock is available on Fixed volumes only. To avoid the need for any user authentication when the system is booted, OS volumes might be left unencrypted, or can be encrypted but with protection disabled.

Access rules can be defined on the Server Settings page. For more information, see the Automatic unlock of fixed volumes for client systems topic. This feature is applicable for endpoints installed with MNE 4.0.0 and above only.

For more information on setting network unlock policies, see the Product policies section.