December 9, 2014
Announcing the availability of McAfee Management of Native Encryption (MNE) 2.1 for Apple FileVault and Microsoft BitLocker management via ePolicy Orchestrator (ePO).
Available now, McAfee announces the release of Management of Native Encryption (MNE) 2.1. This release contains several important new product enhancements and defect fixes. Details of the new features in this release are listed in the section below.
MNE is the primary solution for Mac OS X and replaces McAfee “EEMac” that is EOL December 31, 2014, please refer to End of Life and End of Sale for Endpoint Encryption for Mac 7.0 KB79877
Management of Native Encryption is available in the following Endpoint Security Suites:
- McAfee Complete Data Protection
- McAfee Complete Data Protection - Advanced
- McAfee Complete Endpoint Protection - Business
- McAfee Endpoint Protection for SMB - Advanced
Please refer to the following articles for suitability in your environment,
New Features in this Release:
Pre-flight inspection (Mac OS X and Windows)
Compatibility and installation readiness checks for both Mac OS X and Windows clients. System compatibility and installation readiness checks are now performed for both Mac OS X and Windows clients before encryption is activated.Non-compliant systems will be reported back in ePO for reporting, adding to remediation workflow enhancements.
Support for Windows Server 2012 R2
MNE client now supports deployments on Windows Server 2012 R2 physical hardware, extending the reach of MNE and protection profiles for server based platforms.
Time-based recovery key rotation for BitLocker (Windows)
McAfee ePO policy options to configure time-based rotation and escrow of recovery keys for Windows BitLocker systems, achieving parity with MNE for Apple FileVault functionality.
Windows BitLocker tablet support options
It may not be possible to be compliant with a BitLocker policy that requires “TPM+PIN” or “Password” because BitLocker does not provide support for on-screen keyboards at pre-boot for tablets and slates. As a result, Windows BitLocker will refuse to activate on these systems.MNE now provides a policy option to force the activation of BitLocker on these devices bypassing BitLocker’s default behavior of not activating.
Compliance reporting (Mac OS X and Windows)
The ePO Administrator can now quickly and efficiently identify and report on endpoints that are in compliance with the security policy of the organization. The administrator can also quickly identify the reason(s) why the endpoints are not in compliance and pursue remediation action as necessary.
User experience and workflow enhancements (Windows)
New client balloon messaging feature for Windows clients provides a seamless end-user experience through the use of popup messages.Microsoft BitLocker users are now notified via temporary popup balloons, prompting them to take action when required by changes in BitLocker configuration.
DPSSP permission set for unblocking users or IP addresses (Mac OS X and Windows)
The Data Protection Self Service Portal (DPSSP) permission set allows you to remove users or IP addresses from the blocked list in the event of multiple failed logons (in the DPSSP portal).Prevent MNE Client uninstallation from Windows Control Panel (Windows)
The ePO administrator can now configure the MNE client to be grayed out in the Add/Remove Programs portion of the Windows control panel. This will prevent an end user with administrative privileges from easily finding and uninstalling the MNE Client from the control panel helping to ensure systems remain in a compliant state.
New recovery key escrow on FileVault enabled systems (Mac OS X)
Systems that have previously been enabled with Mac OS X FileVault can now automatically escrow their recovery keys directly to McAfee ePO. The MNE Mac OS X client will prompt the user for authentication and; once successfully authenticated, the recovery key of the client system will be escrowed in ePO.
Mac OS X recovery key import using the MNE command-line tool (Mac OS X)
The new MNE CLI (Command-Line Interface) tool for Mac OS X Mavericks and above enables the intuitive escrow of recovery keys directly to the McAfee ePO database from the client.
Management of Native Encryption 2.1 (MNE 2.1) is available in the following languages:
- ePO Extensions (MNEAdmin, DPSSP): English, Japanese, French, Spanish, German
- Mac OS X Client: English, Japanese, French, Spanish, German, Korean, Chinese-Simplified, Chinese-Traditional
- Windows Client: English, Japanese, French, Spanish, German, Korean, Chinese-Simplified, Chinese-Traditional
- MNE 2.1 Product Guide:PD25578
- MNE 2.1 FAQs:KB79614
- MNE 2.1 Best Practices Guide PD25264
- Delta Product Training for MNE 2.1McAfee University
- Release Notes for MNE 2.1:PD25577
For more information:
- Supported Platforms, Environments, and Operating Systems for Management of Native EncryptionKB79375
- Support for Windows To GoKB82249
- Management of Native Encryption 2.x.x Known Issues KB82245
The product is now available for customers from McAfee Product Downloads with a valid grant number.
Internally, the product and documentation is available at:
Many thanks to everyone who participated in this release and made it possible.
If you have any questions, please feel free to reach out to:
McAfee Management of Native Encryption Team