As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Technical Articles ID:
KB79422
Last Modified: 2024-03-15 17:03:05 Etc/GMT
Environment
Drive Encryption (DE) 7.4.x, 7.3.x, 7.2.x
Summary
When Microsoft releases new operating systems or Service Packs, the original Product Guides might not reflect the current support policy for those platforms. Most of the following information is available in the Product Installation Guides and Release Notes. But, some of the information is available only in Product Management statements published in the Knowledge Base. Content in this article supersedes all other published content in both the Guides and Release Notes. If an operating system isn't listed here, that operating system hasn't been tested and isn't supported. If you need support for an operating system that isn't listed here, submit a product idea for that operating system.
Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.
DE 7.1.2 is a server-side only feature pack release. There's no client component.
2
DE 7.1.1 is a hybrid release with both solutions for issues and new features.
3
The DE 7.2.0 installer appears as version 7.2.0.64 (GA) in the ePO Master Repository and in Add or Remove Programs on the client system. The installer is now built as a separate component and so its version number might differ from other components.
4
A post DE 7.2.0 (GA) issue was found, where corrupted text was displayed when accessing the Single Sign On (SSO) section. This section is located under Policy Catalog, Drive Encryption 7.2, Product settings, Logon (tab), on systems that use double-byte languages.
The issue is resolved in DE 7.2.0 (Repost). The DE 7.2.0EEAdmin Extension appears as version 7.2.0.456 (GA) and 7.2.0.457 (Repost) in the ePO Extensions.
5
DE 7.2.10 Hotfix 3 and later support Tomcat 9 with ePO 5.10 Update 10.
6
DE 7.4.0 is the last release of DE to support Legacy BIOS. It's designated as a Long-Term Support (LTS) version for customers still using Legacy BIOS. Any major releases after DE 7.4.0 will support native Unified Extensible Firmware Interface (UEFI) systems only. DE 7.4.0 will continue to receive security and critical bug fixes, but won't receive substantial new features.
Extensions shipped with DE
DE Version
Extension Name and Build Number
Data Protection Self-Service Portal (DPSSP)
EEADMIN
EEPC
DEGO
User Directory1
DE 7.4.2 Hotfix 1
1.4.2.8
7.4.2.23
7.4.2.23
7.4.2.23
2.0.3.1
DE 7.4.2
1.4.2.8
7.4.2.10
7.4.2.10
7.4.2.10
2.0.3.1
DE 7.4.1 Hotfix 1
1.4.2.8
7.4.1.30
7.4.1.30
7.4.1.30
2.0.3.1
DE 7.4.1
1.4.2.8
7.4.1.12
7.4.1.12
7.4.1.12
2.0.3.1
DE 7.4.0 Hotfix 1
1.4.2.8
7.4.0.20
7.4.0.20
7.4.0.20
2.0.3.1
DE 7.4.0
1.4.2.8
7.4.0.11
7.4.0.11
7.4.0.11
2.0.2.15
DE 7.3.1 Hotfix 1
1.3.2.10
7.3.1.34
7.3.1.34
7.3.1.34
2.0.2.15
DE 7.3.1
1.3.2.10
7.3.1.20
7.3.1.20
7.3.1.20
2.0.2.15
DE 7.3.0
1.3.2.10
7.3.0.171
7.3.0.171
7.3.0.171
2.0.2.15
DE 7.2.10 Hotfix 3
1.3.2.10
7.2.10.65
7.2.10.65
7.2.10.65
2.0.2.15
DE 7.2.10 Hotfix 2
1.3.2.7
7.2.10.64
7.2.10.64
7.2.10.64
2.0.2.7
DE 7.2.10 Hotfix 1
1.3.2.7
7.2.10.61
7.2.10.61
7.2.10.61
2.0.2.7
DE 7.2.10
1.3.2.7
7.2.20.56
7.2.20.56
7.2.20.56
2.0.2.7
DE 7.2.9
1.3.2.7
7.2.9.5
7.2.9.5
7.2.9.5
2.0.2.7
DE 7.2.8
1.3.2.7
7.2.8.4
7.2.8.4
7.2.8.4
2.0.2.7
DE 7.2.7 (Repost)
1.3.2.7
7.2.7.8
7.2.7.8
7.2.7.8
2.0.2.7
DE 7.2.7
1.3.2.7
7.2.7.7
7.2.7.7
7.2.7.7
2.0.2.7
DE 7.2.6
1.3.2.7
7.2.6.6
7.2.6.6
7.2.6.6
2.0.2.7
DE 7.2.5
1.3.2.7
7.2.5.24
7.2.5.24
7.2.5.24
2.0.2.7
DE 7.2.4
1.3.1.1
7.2.4.2
7.2.4.2
7.2.4.2
2.0.1.1
DE 7.2.3 Hotfix 1225186
1.3.1.1
7.2.3.33
7.2.3.33
7.2.3.29
2.0.1.1
DE 7.2.3 (Repost)
1.3.1.1
7.2.3.29
7.2.3.29
7.2.3.29
2.0.1.1
DE 7.2.3
1.3.1.1
7.2.3.28
7.2.3.28
7.2.3.28
2.0.1.1
DE 7.2.2
1.3.1.1
7.2.2.14
7.2.2.14
7.2.2.14
2.0.1.1
DE 7.2.1
1.3.0.12
7.2.1.24
7.2.1.24
7.2.1.24
2.0.0.23
DE 7.2.0 (Repost)
1.3.0.0
7.2.0.457
7.2.0.456
7.2.0.456
2.0.0.22
DE 7.2.0
1.3.0.0
7.2.0.456
7.2.0.456
7.2.0.456
2.0.0.22
1
The User Directory and DPSSP extensions are provided with the DE package for convenience. But, they're developed as separate components; so, they have their own version number.
Extensions shipped with DE (EOL)
DE Version
Extension Name and Build Number
DPSSP
EEADMIN
EEPC
DEGO
User Directory1
DE 7.1.3 Hotfix 1241165
DE 7.1.3 Hotfix 1208296
1.3.0.6
7.1.3.628
7.1.3.628
7.1.3.628
1.0.0.151
DE 7.1.3 Hotfix 1148978
1.3.0.6
7.1.3.604
7.1.3.604
7.1.3.604
1.0.0.151
DE 7.1.3 Hotfix 1131996
1.3.0.6
7.1.3.590
7.1.3.590
7.1.3.590
1.0.0.151
DE 7.1.3
1.2.0.3
7.1.3.547
7.1.3.547
7.1.3.547
1.0.0.146
DE 7.1.2
1.1.0.37
7.1.2.497
7.1.2.497
7.1.2.497
1.0.0.146
DE 7.1.1
-
7.1.1.454
7.1.1.454
7.1.1.454
1.0.0.146
DE 7.1.0
-
7.1.0.389
7.1.0.389
7.1.0.389
1.0.0.136
1
The User Directory and DPSSP extensions are included in the DE package for convenience. But, they're developed as separate components; so, they have their own version number.
ePO and MA versions that are EOL have been removed.
ePO - Compatible DE Extensions
NOTES:
DE Extensions for ePO are backward compatible and can manage earlier client versions.
ePO 5.10.0 applies to both ePO on-premises and ePO on Amazon Web Services (ePO on AWS).
ePO Release
DE 7.4.2
DE 7.4.1
7.4.0
ePO 5.10 Service Pack 1 Update 2
Yes1
Yes1
ePO 5.10 Service Pack 1 Update 1
Yes1
Yes1
ePO 5.10.0 Update 14–15
Yes
Yes
ePO 5.10.0 Update 10–13
No
No
1
We have had reports of some issues on this version of ePO. To avoid any potential issues, we strongly advise users of User Directory not to upgrade to ePO 5.10 SP1 Update 1 and Update 2 at this time. Our development teams are actively working on a new release of User Directory to resolve these issues.
If you have already upgraded and are experiencing issues related to the User Directory, contact Technical Support for potential workarounds until the new releases become available.
TA / MA - Compatible versions to manage DE clients
TA / MA Release
DE 7.4.2 7.4.1
7.4.0
TA 5.8.0, 5.8.1
Yes
TA 5.7.7–5.7.9
MA 5.7.2–5.7.6
Yes
MA 5.7.0, 5.7.1
Yes
MA 5.6.0–5.6.6
Yes
MA 5.5.0–5.5.2
No
The following tables detail the products supported for use on Windows workstation and server operating systems. Only the most recent versions are included because most customers upgrade to the latest service packs shortly after they're released.
NOTE: If the operating system isn't listed, it isn't supported.
Operating System1
Microsoft
Supported
Service
Pack
DE 7.4.0
7.4.1
7.4.2
DE
7.2.9 7.2.10 7.3.0
7.3.1
DE
7.2.8
DE 7.2.5 7.2.6
7.2.7
DE 7.2.4
DE
7.2.2 7.2.3
DE 7.2.1
DE
7.2.0
Windows Server 2022
(Standard, Datacenter, Datacenter Azure)
-
Yes
Yes
Yes
No
No
No
No
No
Windows Server 2019 Version 2004
Windows Server 2019 Version 1909
Windows Server 2019 Version 1903
Windows Server 2019 Version 1809
(64-bit), (Standard, Datacenter)
-
Yes
Yes
Yes
Yes
No
No
No
No
Windows Server 2016 (64-bit)
(Standard, Datacenter)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows Server 2012 R2 (64-bit)
(Standard, Datacenter)
-
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows Server 2012 (64-bit)
(Standard, Datacenter)
-
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows Server 2008 (32-bit and 64-bit)
(Standard, Enterprise, Datacenter)
1
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows Server 2008 R2 Server Core (Optional 32-bit)13
The default is 64-bit.
-
No
No
No
No
No
No
No
No
Windows Server 2008 R2 (64-bit only)
(Standard, Enterprise, Datacenter)
1
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows 10 Pro for Workstations12
Yes
Yes
Yes
No
No
No
No
No
Windows 11 Version 23H2
Windows 11 Version 22H2
Windows 11 Version 21H2
-
Yes
No
No
No
No
No
No
No
Windows 10 version 22H2
Windows 10 version 21H2 (November 2021 Update)
Windows 10 Enterprise LTSC 2021
Windows 10 version 20H2 (October 2021 Update) Windows 10 version 21H1 (May 2021 Update)
Windows 10 version 2004 (May 2020 Update)
Windows 10 version 1909 (November 2019 Update)
Windows 10 version 1903 (May 2019 Update)
(Pro, Enterprise) (32-bit and 64-bit)
-
Yes
Yes
Yes
No
No
No
No
No
Windows 10 version 1809 (October 2018 Update)
Windows 10 version 1809 Long Term Servicing Channel (LTSC)
(October 2018 Update)8
(Enterprise) (32-bit and 64-bit)
-
Yes
Yes
Yes
Yes
No
No
No
No
Windows 10 version 1803 (April 2018 Update)
(Pro, Enterprise) (32-bit and 64-bit)11
-
Yes
Yes
Yes
Yes
Yes
No
No
No
Windows 10 version 1709 (Fall Creators Update10
(Pro, Enterprise) (32-bit and 64-bit)
-
Yes
Yes
Yes
Yes
Yes
Yes
No
No
Windows 10 version 1703 (Creators Update)9
(Pro, Enterprise) (32-bit and 64-bit)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
Windows 10 version 1607 Long-Term Servicing Branch (LTSB)
(Anniversary Update)7, 8
(Enterprise) (32-bit and 64-bit)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
Windows 10 version 1607 (Anniversary Update)7, 8
(Pro, Enterprise) (32-bit and 64-bit)
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows 10 version 1511 (November Update)
(Pro, Enterprise) (32-bit and 64-bit)
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows 10 version 1507 (General Availability)2, 3, 8
(Pro, Enterprise) (32-bit and 64-bit)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows 8.1 (32-bit and 64-bit)3
(Professional, Enterprise)
-
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows 8 (32-bit and 64-bit)3
(Professional, Enterprise)
-
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows RT.14
-
No
No
No
No
No
No
No
No
Windows To Go (all versions)4
-
No
No
No
No
No
No
No
No
Windows 7 (32-bit and 64-bit) Yes5
(Professional, Enterprise, Ultimate)
1
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows 7 (32-bit and 64-bit) Yes5
(Professional, Enterprise, Ultimate)
Without
SP
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows Vista (64-bit and 32-bit)6
(Business, Ultimate, Enterprise)
-
No
No
No
No
No
No
No
No
n/a = not applicable
1
Dual boot for Windows isn't currently supported. To submit a product idea, see the "Related Information" section below.
Home versions of any Windows operating system aren't tested or supported. DE is an enterprise product that's tested only on enterprise operating system versions.
The Trusted Platform Module (TPM) AutoBoot using the TPM 1.2 chipset is only supported on Windows 8.x and Windows 10 clients with DE 7.1 Update 1 and later. These clients must also be configured to use the UEFI.
4
Windows To Go is a feature in Windows 8 Enterprise that allows Windows 8 to boot and run from an external USB hard drive or USB drive. This feature hasn't been tested. If you require this function, see the "Related Information" section of this article. It directs you to instructions about how to submit a product idea and have this function researched for implementation in a future product or update release.
5
Windows 7 isn'tsupported in XP Mode.
6
As of July 2011, Windows Vista SP1 is no longer supported by Microsoft. So, the sustaining and development of Encryption products on this platform hasalso ended.
NOTE: Windows Vista Extended Support reaches its EOL date on April 11, 2017. Support for this operating system will no longer be provided after that date.
Windows Server 2008 R2 Server Core is the first operating system with optional 32-bit support.
14
Windows RT is a version of Windows 8 that runs on mobile devices such as tablet computers.
Supported operating systems for DE on Mac hardware with an Intel® CPU
DE isn'tsupported on any Mac hardware. For support on Mac hardware, install the latest version of Management of Native Encryption. Back to top
IMPORTANT: Technical Supportrecommends that you don't use DPSSP on public computers, and that the browser is closed following recovery.
Browser
Microsoft Edge
Google Chrome
Internet Explorer
Mozilla Firefox
Safari1
1
Use caution when using Safari because of the non-standard behavior of its page caching.
Support for UEFI
IMPORTANT: If you plan to install DE 7.x on a system using native UEFI, Technical Support recommends that you use only the native UEFI mode. This applies when the system is explicitly Windows 8, 8.1, or Windows 10 certified. When the system isn't certified for Windows 8, 8.1, or Windows 10, Support recommends that you change the BIOS settings to put the system into legacy BIOS boot mode. DE 7.x fully supports Windows 8, 8.1, and 10 in BIOS mode.
Technical Support also recommends upgrading your UEFI systems to the latest UEFI firmware level, and testing on a specific native UEFI-capable system before wide-scale deployment.
Some key points about UEFI:
The original EFI developed by Intel has been replaced in favor of UEFI.
UEFI introduces a new boot process. UEFI is a more complex operating system style of BIOS, which includes applications and device drivers. Users don't notice any differences.
Only Windows 7 (64-bit), 8, 8.1, and 10 currently support the UEFI native boot process.
Macs have had a UEFI boot process for quite a bit longer.
Many modern laptops have UEFI, but operate in a backward compatible mode to emulate a legacy BIOS.
Windows 8, 8.1, and 10 can be installed on UEFI systems operating in legacy BIOS compatibility mode or native UEFI mode.
UEFI implementations differ by hardware vendors. Depending on the UEFI implementation, we've seen issues ranging from missing protocols to support for Opal drives. We've also seen issues with USB support provided in the preboot environment when operating in native UEFI mode.
Opal drives
IMPORTANT:
With DE, Opal drives are supported only in the Advanced Host Controller Interface (AHCI) mode.
DE doesn't support the Opal version 2.0 drives, which operate in A user mode, managed through the operating system.
Endpoint Encryption Opal Hardware Compatibility Tool
The Endpoint Encryption Hardware Compatibility Tool gathers data about the Opal drive, and performs some tests on the drives. Use the tool to test an Opal drive to verify that it's compatible, before you use the Opal features. For details, see KB76182 - How to use the Opal Hardware Compatibility Tool.
Intel AMT
AMT Release
DE
7.2.0–
7.2.4
AMT 11.x
No
AMT 10.x
Yes
AMT 9.5
Yes
AMT 9.0
Yes
AMT 8.x
Yes
AMT 7.x
Yes
AMT 6.x
Yes
AMT 5.x and earlier releases
No
Supported tokens and readers used for authentication with DE
Supported languages available in the preboot client
DE 7.x
Brazilian Portuguese
Chinese (traditional)
Chinese (simplified)
Danish
Dutch
English
Estonian
Finnish
French
German
Greek
Italian
Japanese
Korean
Norwegian
Polish
Portuguese
Russian
Spanish
Swedish
Thai
Documentation is available in the following languages.
DE 7.x1
Chinese (traditional)
Chinese (simplified)
English
French
German
Japanese
Korean
Russian
Spanish
1
For DE 7.1.0—7.1.2, the above list applies only to the Product Guide. The Release Notes provided with update releases are generally in U.S. English only, but Release Notes for DE 7.1.3 are also localized. DE 7.1.3 also introduces a new document, Client Transfer between ePO Servers, which is also localized.
IMPORTANT: To avoid possible upgrade problems, perform the following tasks when upgrading from DE 7.1.x or 7.2.x to a later release:
At the ePO console, make sure that there are no LDAP Sync tasks running. If any are running, wait for them to complete.
Disable all LDAP Sync tasks before initiating the upgrade.
Check in the latest DE extensions.
Check in the latest DE Agent and PC software packages.
Re-enable all LDAP Sync tasks.
Deploy the latest DE software packages to the client system.
Restart the client system after the deployment task is complete.
EEPC 7.0.x
DE 7.2.x
IMPORTANT: If you have a system installed with EEPC 7.0.x, you can upgrade to DE 7.1.x or DE 7.2.x. But, you must first upgrade the EEPC extension to either EEPC 7.0 Update 2 (7.0.2) or Update 3 (7.0.3). Then, upgrade the EEAdmin extension to 7.0.4, and follow the procedure described in the Drive Encryption 7.2.0 Product Guide.
Upgrading Windows operating systems
There's a process to refresh the Windows operating system without having to decrypt the hard drive and uninstall DE.
See the articles below for detailed instructions.
Windows 10 operating systems
There are three upgrade articles covering Windows 10 releases. See the table below for help with using the correct article. The correct article is based on the Windows 10 variant that you're upgrading to, and the version of DE that's installed.
[Reflect Drivers method] An improved method to upgrade the operating system to Windows 10 Anniversary Update (Build 1607) with DE 7.1 Update 3 or later.
NOTES:
Scripts are needed for this upgrade method and are attached to the article.
Microsoft provides a new command-line switch, /ReflectDrivers, which is available only in the Windows 10 Anniversary Update (Build 1607) and later. During the setup and installation phase, this switch allows drivers to be added to the operating system image via the configuration file (*.inf).
[SetupConfig method] A superior method that was developed with Microsoft.
NOTES:
The OSUpgrade packages are included in the DE download package with DE 7.2.1 and later.
Microsoft provides a new command-line switch, /ConfigFileswitch, which is available only in the Windows 10 Anniversary Update (Build 1607) and later. During the setup and installation phase, this switch allows drivers to be added to the operating system image via the configuration file (*.inf).
Product release information - Released To Support (RTS)
DE Release5
Build
DE
Package
Release
Date
DE 7.4.1 Hotfix 1 Release To Support (RTS)4
7.4.1.30
January 18, 2024
DE 7.2.10 Hotfix 1 (RTS)4
7.2.10.61
September 8, 2020
DE 7.2.9 Hotfix 4 (RTS)4
7.2.9.15
November 25, 2019
DE 7.2.9 Hotfix 2 (RTS)4
NOTE: Superseded by DE 7.2.9 HF3
7.2.9.11
September 18, 2019
DE 7.2.9 Hotfix 1 (controlled release)3
NOTE: Superseded by DE 7.2.9 HF3
7.2.9.7
August 10, 2019
DE 7.2.6 Hotfix 1247725(RTS)
(HF1247725)3
7.2.6.11
August 23, 2018
DE 7.2.3 Hotfix 1225186 (RTS)
(HF1225186)3
7.2.3.33
January 17, 2018
DE 7.2.1 Hotfix 1199587 (RTS)
(HF1199587)3
7.2.1.19
June 13, 2017
DE 7.1.0 Update 3 Hotfix 1164502 (RTS)
(HF1164502)3
7.1.3.613
December 8, 2016
DE 7.1.0 Update 3 Hotfix 1098432 (RTS)
(HF1098432)2
7.1.3.571
January 13, 2016
DE 7.1.0 Update 3 Hotfix 1097826 (RTS)
(HF1097826)2
7.1.3.559
October 15, 2015
DE 7.1.0 Update 3 Hotfix 1087719 (RTS)
(HF1087719)2
7.1.3.554
August 18, 2015
DE 7.1.0 Update 1 Hotfix 1044054 (RTS)
(HF1044054)3
7.1.1.1044054
April 7, 2015
DE 7.1.0 Update 1 Hotfix 1025171 (RTS)
(HF1025171) 3
7.1.1.485
December 15, 2014
DE 7.1.0 Update 1 Hotfix 1018149 (RTS)
(HF1018149)3
7.1.1.479
October 30, 2014
DE 7.1.0 Update 1 Hotfix 1005393 (RTS)
(HF1005393)3
7.1.1.470
September 25, 2014
DE 7.1.0 Update 1 Hotfix 992692 (RTS)
(HF992692)3
7.1.1.467
August 27, 2014
DE 7.1.0 Update 1 Hotfix 978195 (RTS)
(HF978195)3
7.1.1.463
June 26, 2014
DE 7.1.0 Update 1 Hotfix 977150 (RTS)
(HF977150)3
7.1.1.461
June 24, 2014
DE 7.1 Hotfix 945213 (RTS)
(HF945213)1
7.1.0.9452131
March 2014
DE 7.1 Hotfix 948245 (RTS)
(HF948245)
7.1.0.424
February 2014
n/a = not available
1
DE 7.1 Hotfix 945213 resolves an issue when upgrading EEPC 6 to DE 7.1; occasionally, the underlying preboot file system becomes corrupted. This condition is most likely to occur in systems that have a slow disk.
2
These hotfixes were previously internal and only RTS. They've now all been rolled-up into DE 7.1.3 Hotfix 1131996 and are no longer available.
3
This hotfix was only RTS. An update or later hotfix superseded it and it's no longer available.
4
RTS only.
We investigated this issue and a solution is currently available. This solution is currently not generally available, but is in Released to Support (RTS) status. To obtain the RTS build, log on to the ServicePortal and create a Service Request. Include this article number in the Problem Description field.
Click Sign In and enter your ServicePortal User ID and password. If you do not yet have a ServicePortal or Community account, click Register to register for a new account on either website.
Tool to capture hardware compatibility details:
DE 7.1 Update 1 introduces a feature that allows the administrator to capture hardware compatibility settings for specific platforms. The hardware compatibility settings supplied to us through a product idea are used to build a file that can be imported to ePO. It can then be used to activate platforms that exhibit particular issues at preboot.