Media passphrase and unmanaged endpoints

On an unmanaged endpoint (operating in standalone mode) without an activated media passphrase feature, no keys are available after installation since unmanaged endpoints only use local keys. Before encryption can be used, the user has to create a key.

If the media passphrase feature is activated in a removable media policy for these endpoints, the media encryption key is created automatically on the endpoint and can be used for encryption immediately after installation has been completed. It is available as a predefined key in the user's key ring and displayed as <user name> in dialogs for key selection.

If available, the media encryption keys is also used for all initial encryption tasks.