Home office or personal use on 3rd party computers

Behavior on endpoint:

You have to specify the settings in a policy of the type Device Protection\Removable media:

If the company policies additionally define that all files on removable media have to be encrypted in any situation, add the following settings:

At work, Bob and Alice have transparent access to encrypted files on removable media. At home or on 3rd party computers, they can use SafeGuard Portable to open encrypted files. The users only have to enter the media passphrase to access all encrypted files. This is a simple but effective way to encrypt data on all removable media. The goal of this configuration is to reduce user interaction to a minimum while encrypting each and every file on removable media and giving the user access to the encrypted files in offline mode. The user is not permitted to decrypt files on removable media.

Note: In this configuration, users are not allowed to create local keys since it is not necessary for that use case. This has to be specified in a policy of the type Device Protection with Local Storage Devices as Device protection target (General Settings > User is allowed to create a local key > No).

At work, the user has transparent access to encrypted files on removable media. At home, they use SafeGuard Portable to open encrypted files. The user only has to enter the media passphrase to access all encrypted files, regardless of the key used for encrypting them.