Creating read-only policies

When you start the deployment of Synchronized Encryption, users should be able to read encrypted documents but not encrypt them. You can then start turning on encryption for dedicated groups, and eventually for everybody.

This first policy is a read-only policy.

Windows

For Windows users this means that you create a Synchronized Encryption policy including all your applications and specify Defined locations as the Encryption scope but not define locations.

For detailed information, see the SafeGuard Enterprise administrator help, Create read-only policy for Windows endpoints

macOS

Macs behave differently to Windows. On macOS computers, reading encrypted files only works in defined locations.

This means that the read-only policy for Windows users cannot be used for Macs.

For Macs you have to create a policy of type File Encryption and select Location-based as the encryption type. You need to add at least one location, exclude it from encryption and communicate the location to your Mac users. This can for example be <Documents>/Encrypted. Users who want to read an encrypted document should then move or copy the file to that location first.

For detailed information, see the SafeGuard Enterprise administrator help, Create read-only policy for Mac endpoints.