cancel
Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor twenden
Reliable Contributor
Report Inappropriate Content
Message 1 of 17

Does Drive Encryption 7.1.1 work on the Microsoft Surface Pro 3

We are using the latest Drive Encryption 7.1.1 managed by our ePO 5.1.1 server. We have some users who are purchasing the Microsoft Surface Pro 3 tablet/computer. Does anyone know or tried the McAfee Drive Encryption on the Surface Pro 3?

16 Replies
McAfee Employee jhall2
McAfee Employee
Report Inappropriate Content
Message 2 of 17

Re: Does Drive Encryption 7.1.1 work on the Microsoft Surface Pro 3

Support for Microsoft Surface tablet devices with Drive Encryption 7.1.x - KB79624

There are currently some limitations with the Surface Pro 3 and MDE 7.1. Some of these should be resolved in the next patch. Once the patch has released the KB will be updated and more information regarding the specifics be available in the release notes.

feeeds
Level 9
Report Inappropriate Content
Message 3 of 17

Re: Does Drive Encryption 7.1.1 work on the Microsoft Surface Pro 3

Any specifics on what these limitations are? I ended up bricking two Pro 3's today. One does not have a policy that allows on screen keyboard, so I cant enter any login information. The other one will not load the OS after I get past the encryption

mmjlz
Level 7
Report Inappropriate Content
Message 4 of 17

Re: Does Drive Encryption 7.1.1 work on the Microsoft Surface Pro 3

I encrypted one last week and another one yesterday.

Touching with fingers is not working, but the pen works. The type cover is working too, except its touchpad.

I enabled also the OSK because the old Surface 2 Type Cover sometimes typed weird stuff. The preboot USB support option is enabled too.

I switched the user to password (instead usb token) because DE often fails to detect it, then secure boot must be disabled and enabled again.

First I wanted to use MNE but it cannot activate Bitlocker because of a missing keyboard. Dont know why it wont accept the type cover.

DPE
Level 7
Report Inappropriate Content
Message 5 of 17

Re: Does Drive Encryption 7.1.1 work on the Microsoft Surface Pro 3

mmjlz, i have the same experience with MNE 2.1.0 as you. It will not activate - if you have PIN/password as requirement in your policy - because of missing keyboard. I have sent McAfee a service request (read below) today regarding this, as i believe it should be possible to use MNE with a pin/password as the touch keyboard should be sufficient in preboot (Bitlocker). I think that McAfee actually states that it IS indeed supported McAfee KnowledgeBase - Support for Microsoft Surface tablet devices with Drive Encryption 7.1.x

Hello. We have issues activating bitlocker with MNE 2.1.0 on two Surface 3 Pro tablets. We deploy McAfee Agent and MNE 2.1.0 to the slates successfully, and set up a policy in ePO for MNE (we have 3-400 DE 7.1 clients so we know how this is done :)). The policy is set to active Bitlocker and require a PIN. When the policy hits the client, we are asked by the McAfee Agent to configure a PIN. When we set the PIN, Bitlocker fails to active with this error message: 'Bitlocker Activation Failed. Bitlocker activation failed because preboot authentication is required and no keyboard was detected by the operating system. Please contact your administrator for assistance'. We have configured the GPO (Enabled) mentioned here: http://blogs.technet.com/b/askpfeplat/archive/2014/07/14/bitlocker-pin-on-surface-pro-3-and-other-ta... If i remove the PIN requirement in the MNE Bitlocker policy, then the policy applies successfully. Please advise.


I will let you all know once they reply.

mmjlz
Level 7
Report Inappropriate Content
Message 6 of 17

Re: Does Drive Encryption 7.1.1 work on the Microsoft Surface Pro 3

I think this must be a bug, with MNE 2.0.1 it activated successfully on the Surface Pro 3.

DPE
Level 7
Report Inappropriate Content
Message 7 of 17

Re: Does Drive Encryption 7.1.1 work on the Microsoft Surface Pro 3

Thanks. Then i expect that they should be able to solve it asap.


Also, in my humble experience with DE and the Surface 3, i would strongly advise against putting DE encryption on the surface 3. These devices ship with Bitlocker, and even though DE encryption is more resilient and more scalable, the nature of the Surface 3 hardware actually limits most of the attacks that can be done to it. You cant (easily) remove hdd or memory to read from it. With this in mind, one could argue that Bitlocker encryption is enough for these devices, but of course if more than one person is using it you'd have to distribute the pin/password to more than one person...

McAfee Employee dwebb
McAfee Employee
Report Inappropriate Content
Message 8 of 17

Re: Does Drive Encryption 7.1.1 work on the Microsoft Surface Pro 3

Hi,


" It will not activate - if you have PIN/password as requirement in your policy - because of missing keyboard. I have sent McAfee a service request (read below) today regarding this, as i believe it should be possible to use MNE with a pin/password as the touch keyboard should be sufficient in preboot (Bitlocker).


Please edit your BitLocker policy, and click the Advanced button in the top left.

Then check the option "

The MNE client software will then enable the GPO for you, so you don't have to do it in the domain, and your Surface Pro will activate without issue.

We advise you use this with caution, as using it on a system which really has no preboot input mechanism would leave you locked out as you would not be able to authenticate.


HTH, and if it does, please could you close the service request?


Thanks

mmjlz
Level 7
Report Inappropriate Content
Message 9 of 17

Re: Does Drive Encryption 7.1.1 work on the Microsoft Surface Pro 3

hehehe well hidden option thank you

but why does it think in 2.1.0 that it has no input device available, and with 2.0.1 it works nicely?...maybe 2.0.1 doesn't check for input devices....

Highlighted
DPE
Level 7
Report Inappropriate Content
Message 10 of 17

Re: Does Drive Encryption 7.1.1 work on the Microsoft Surface Pro 3

Bingo! Worked like a charm. Thanks, i will close the support request.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community