Showing results for 
Search instead for 
Did you mean: 
Level 7

EEFF 4.0 Grant Key Policy

I am trying to set up user based encryption for different departments. As such, I have created a key for each department. Now I am unsure regarding the Grant Key Policy. Should all departmental keys be placed into one Grant Key Policy or should there be a separate Grant Key Policy for each department? The documentation does not provide much insight and I want to make sure to follow best practices.  Also, is it necessary to create a task to push out the EEFF policy to client systems, and if so how is this accomplished? Thank you.

0 Kudos
2 Replies
Level 12

Re: EEFF 4.0 Grant Key Policy

I recommend that you read this post and watch the video The video shows how to assign specific keys to specific people using policy assignment rules. That is the best route for departmental keys. It also has a link to a KB that explains the policy creation workflow.

In short, policy assignment rules (user based) are what you are looking for. So that means you will have to create a grant keys policy for each department, and then go into policy assignment rules and associate each of those grant keys policy with the correct people/departments based on their AD group membership.

0 Kudos
Level 10

Re: EEFF 4.0 Grant Key Policy

Also i recommend to get a well defined name convention for eeff keys for best practices, and align the group membership name with that eeff.  If you maintain a good name convention you can obtain a better managment to apply the keys..

0 Kudos