RELEASE ANNOUNCEMENT: McAfee Management of Native Encryption 4.1.0

Version 1

    March 29th  2016

    Announcing the availability of McAfee Management of Native Encryption (MNE) 4.1.0 for Apple FileVault and Microsoft BitLocker management via ePolicy Orchestrator (ePO).


    Available now, McAfee announces the release of Management of Native Encryption (MNE) 4.1.0. This release contains several important new product enhancements and defect fixes. Details of the new enhancements in this release are listed in the section below.

     

    MNE is the primary solution for Mac OS X and replaces McAfee “EEMac” that went EOL December 31, 2014; please refer to End of Life and End of Sale for Endpoint Encryption for Mac 7.0 KB79877

     

    Management of Native Encryption is available in the following Endpoint Security Suites:

       

    Please refer to the following articles for suitability in your environment:

     

    New Enhancements in this Release:

    Support for additional encryption algorithms (XTS mode)


    MNE has added support for the latest XTS-AES encryption algorithms that were added into Windows 10 version 1511 (November Update).The XTS-AES encryption algorithm provides additional protection against attacks that “rely on manipulating cipher text to cause predictable changes in plain text.” MNE 4.1 allows XTS-AES algorithm types to be selected in the BitLocker policy.

    The reporting capabilities within MNE have also been enhanced to allow the algorithm type to be queried for each system. This now shows all encryption algorithms supported by BitLocker, including all hardware encryption algorithms that the eDrive compliant OPAL drives support.


    Permit the use of enhanced PIN (BitLocker)


    Allow enhanced PINs for startup enables the use of more complex personal identification numbers (PINs) that include uppercase and lowercase letters, symbols, numbers, and spaces at startup.

    Once you enable this policy setting, all new BitLocker startup PINs set will be enhanced PINs. Some computers might not support enhanced PINs in the pre-boot environment. It is strongly recommended that all systems are checked for compatibility prior to activating this in policy.


    End user postponement of activation (BitLocker)


    MNE 4.0.0 introduced the ability for end users to postpone activation of BitLocker. This feature allows the end user to postpone the entry of credentials (PIN/Password) for a predefined timeframe. At the end of this time period, the user will be prompted again to enter credentials but may repeat the postponement, and can do so repeatedly.

    This feature has been enhanced in MNE 4.1 to allow the Administrator to define a limit for the number of times a user is allowed to postpone activation. Once this limit is reached, the user will no longer be offered the option to defer activation.

    WebAPI command for expiring keys                                                                                                                                                                                                               

    Many Enterprises leverage internal or 3rd party helpdesk systems to provide recovery options for their user estate. Exposing a WebAPI command for expiring keys ensures that when a recovery action is invoked via the WebAPI, the recovery keys are marked as expired thus ensuring key rotation on next policy enforcement.

    Dashboard and reports for activation failures

    Rolling out and deploying software to endpoints can provide challenges and introduce additional overhead. MNE 4.1 now includes additional reporting and a new dashboard entry so that administrators can quickly and intuitively check to see if there are any encryption (activation) failures within their estate and target these systems for follow up action where appropriate.


    Management of Native Encryption 4.1.0 (MNE 4.1.0) is available in the following languages:


    • ePO Extension (MNEAdmin): English, Japanese, French, Spanish, German
    • Mac OS X Client: English, Japanese, French, Spanish, German, Korean, Chinese-Simplified, Chinese-Traditional
    • Windows Client: English, Japanese, French, Spanish, German, Korean, Chinese-Simplified, Chinese-Traditional, Italian, Portuguese Brazilian, Czech, Danish, Dutch, Finnish, Greek, Hungarian, Norwegian, Polish, Portuguese, Russian, Slovak, Slovenian, Swedish, and Turkish.
    • DPSSP extension: English, Brazilian Portuguese, Chinese-Simplified, Chinese-Traditional, Danish, Dutch, French, Finnish, German, Italian, Japanese, Korean , Norwegian, Portuguese, Russian, Spanish, Swedish, Turkish

       

    Useful links:

     

    For more information:

    • Supported Platforms, Environments, and Operating Systems for Management of Native Encryption: KB79375
    • Support for Windows To Go: KB82249
    • Management of Native Encryption 4.x Known Issues: KB86057


    Availability:

     

    The product is now available for customers from McAfee Product Downloads with a valid grant number.

    Internally, the product and documentation is available at:

    \\ca-server\Products\McAfeeB2B\Encryption\MNE

     

    Many thanks to everyone who participated in this release and made it possible.

     

    If you have any questions, please feel free to reach out to:

    Stuart Bayliss (Group Product Manager)

     

    Best Regards,

    McAfee Management of Native Encryption Team


    [BS1]Better wording?

     

    [BS2]Added pre-req link