Did this ever work? If the machine does not communicate with the ePO, how does it get the policy?
Sure it works. Consider this scenario. A new machine is built, encrypted, pre-boot is activated and it is synced with EPO.
User takes the machine out of the office... does not sync with EPO.
We want to run a report so we can identify systems that have not synced in 20 days.
Yes, create a new query and set the filter for last communication is not within the last 20 days. My question was how will the PBA screen get disabled? The machine would have to have network connectivity for the policy to be pushed down and enforced...
This feature is available from v6.1.2. This forms part of your policy which you will assign to the system to enable pre-boot and/or encryption. The system (endpoint) will activate this feature when it does not perform a successful ASCI in x amount of time (days).