Prerequisites: Before enabling DLP features, make sure that Active Directory Certificate Services have been configured.
You can configure the policy to enable encryption of files that are on the user’s devices. We call this “local file encryption”.
Once enabled, each device that uses the Policy will receive a certificate (also known as a key) and local encryption will be applied. Only authenticated users can access data on a device if the certificate is available.
The certificate is used to control access to data on a device. By revoking the certificate in Aranda Datasafe, you delete it from the device and the data on the device becomes inaccessible.
If you enable the Data Theft Prevention feature, the certificate is automatically revoked on devices that do not connect to Aranda Datasafe within a certain period of time (see Enabling Data Theft Prevention).
To enable or disable local file encryption in a policy:
1. Open the Policy Editor for the Policy you want to change (click Policies and then click Policy).
2. Click on the DLP tab.
3. Use the Encryption slider to enable or disable local file encryption (green is enabled, gray is disabled).
4. Click Save or Save & Close to confirm.