FAQs for Endpoint Assistant 2.x
Technical Articles ID: KB85917
Last Modified: 4/19/2023
Environment
Endpoint Assistant (EA) 2.x
Summary
This article is a consolidated list of common questions and answers. It's intended for users who are new to the product, but can be of use to all users.
Recent updates to this article
Date | Update |
April 19, 2023 | Removed a URL that was no longer working. |
Contents:
General | Product information, including licensing and miscellaneous topics |
Compatibility | Interaction between other products and software |
Functionality | Product features and functions |
What's EA?
EA is a free business application that works with the following:
- Drive Encryption (DE) 7.1 and later
- File and Removable Media Protection (FRP) 5.0 and later
EA with DE
- EA simplifies the process of recovering a forgotten credential for a computer encrypted with DE.
- Most help desk costs for DE are typically related to user password reset management. EA can be used to completely offload the preboot password reset-related help desk costs to users.
- You can enable users to securely reset preboot passwords, even if they're on an airplane with no access to a telephone to call a help desk.
EA with FRP
EA allows users to securely access encrypted files (FRP-encrypted files) on their mobile device.
Can I download EA myself or does it have to be pushed from ePolicy Orchestrator (ePO)?
You don't have to push from ePO; you can download EA from the following:
- Android/Google Play
- iOS/Apple App Store
Does EA cost anything?
No. EA is free.
Why do I see references to EA and also Endpoint Assist?
- EA is the formal product name for the mobile application.
- Endpoint Assist is the approved short name. Some mobile operating systems have a restriction on the length of the name displayed on the mobile phone.
What mobile operating systems does EA support?
Review the EA supported operating systems article. For details, see KB85893 - Supported platforms for Endpoint Assistant.
NOTE: For all incompatibility issues, see KB85892 - Endpoint Assistant 2.x Known Issues.
EA with DE
How long does it take to reset my password using EA?
About one minute.
NOTE: You can reset your password without having to call your help desk, and even if you don't have network connectivity.
How does EA work?
You register your phone with your system, essentially creating a trusted relationship between the two. If you forget your password in preboot, you can start EA and perform a password recovery in preboot.
How does the user set up this relationship between the phone and system?
If enabled by an ePO policy, the preboot environment displays a Quick Response (QR) code. All you have to do is scan the QR code using the EA application and it creates the trusted bond between the phone and system.
If I have multiple laptops, can I set up a relationship with all of them and my phone?
Yes. The EA application can support up to 100 different systems on a phone.
Can one computer support multiple phones?
Yes.
What's the exact procedure if the user forgets the password?
Click the recovery option in preboot. You're then presented with a QR code that you scan with EA. EA then provides you with a response code that you type into preboot. You can now reset your password.
How's the data managed by the EA application protected? Can someone steal both my phone and laptop, and easily get into the laptop using this function?
There's an ePO policy setting where an administrator can specify the protection of the data. This setting is separate from any authentication that you might have for access to the phone itself. It's considered a second layer of protection.
Can someone brute force the PIN on the EA application?
They can always try. But, after three failed attempts, EA permanently wipes all application-related data relating to recovery of DE systems.
If the wipe was triggered by careless PIN entry, can the user set up the relationship between the phone and system again?
Yes, by using the same procedure they used the first time.
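The offline recovery exchange and the three-attempt wipe described above can be modeled as follows. This is an added illustrative sketch, not EA's or DE's actual protocol or code: the HMAC-based response code, the PBKDF2 PIN wrapping, and the names PhoneVault, response_code and preboot_verify are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

MAX_PIN_ATTEMPTS = 3  # from the FAQ: three failed attempts wipe the data

def _pin_key(pin: str, salt: bytes) -> bytes:
    # Slow KDF so each PIN guess is costly; the iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def _tag(key: bytes) -> bytes:
    return hmac.new(key, b"pin-check", hashlib.sha256).digest()

class PhoneVault:
    """Hypothetical phone-side store for one registered system (32-byte secret)."""

    def __init__(self, pin: str, recovery_secret: bytes):
        self.salt = secrets.token_bytes(16)
        key = _pin_key(pin, self.salt)
        # XOR with a single-use 32-byte key stands in for a real AEAD wrap.
        self.wrapped = bytes(a ^ b for a, b in zip(recovery_secret, key))
        self.check = _tag(key)
        self.failures = 0

    def unlock(self, pin: str):
        if self.wrapped is None:
            raise RuntimeError("recovery data wiped; register the system again")
        key = _pin_key(pin, self.salt)
        if not hmac.compare_digest(_tag(key), self.check):
            self.failures += 1
            if self.failures >= MAX_PIN_ATTEMPTS:
                self.wrapped = self.check = None  # permanent wipe
            return None
        self.failures = 0
        return bytes(a ^ b for a, b in zip(self.wrapped, key))

def response_code(secret: bytes, challenge: bytes, digits: int = 8) -> str:
    # Phone side: turn the scanned challenge into a short code a user can type.
    mac = hmac.new(secret, challenge, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)

def preboot_verify(secret: bytes, challenge: bytes, typed: str) -> bool:
    # Preboot side: recompute the code locally, so no network is needed.
    return hmac.compare_digest(response_code(secret, challenge), typed)

if __name__ == "__main__":
    secret = secrets.token_bytes(32)     # constructed: shared at registration
    vault = PhoneVault("4821", secret)   # constructed PIN
    chal = secrets.token_bytes(16)       # constructed: shown as a QR code in preboot
    print(preboot_verify(secret, chal, response_code(vault.unlock("4821"), chal)))
```

In this sketch the attempt counter lives in application memory, so it is only as strong as the platform's protection of app storage. A production design would keep the wrapped secret and counter in a hardware-backed keystore.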
What happens if I forget my PIN?
You have two choices:
- Type a wrong PIN three times, which forces EA to wipe everything.
- You can uninstall EA from your mobile device and reinstall it.
In either case, you can then re-register the system.
NOTE: EA 2.0 introduces the Recovery function, but the recovery option is available only for FRP encryption keys.
How many languages does the App support?
Currently, EA is only available in English, Japanese, Spanish, German, French, and Chinese-Simplified.
Does DE 7.1.x allow an administrator to see which users have registered their smartphones?
Yes. When users click Finish following registration at preboot, an audit event is generated. Two user actions related to EA are captured:
- User Registration: The user registers the smartphone or tablet with the system using the EA application.
- User Recovery: The system is recovered using the EA application.
What can I do if, when registering the smartphone with EA, I accidentally click 'Finish' before completing the registration?
When you click Finish, the registration screen closes. To have the registration screen displayed again, you must click Switch User and select the option Register smartphone. After authenticating, you'll see the registration screen.
With Single Sign On (SSO) enabled, are users required to confirm their Windows authentication credentials after they reset the preboot password using EA?
Yes, because the SSO credentials are cleared in this case. This operation is similar to the existing administrator-assisted recovery mechanism. The users must confirm their Windows authentication credentials after successfully passing preboot.
Where can I find the EA audit event information in ePO?
You can find the information in the DE: Product Client Events report.
EA with FRP
Is it possible to use EA with a smart card for recovery purposes?
No. EA resets the password used during authentication. There's no method to allow the resetting of the password on the smart card token.
Do I need any additional infrastructure to use EA with FRP?
Yes. You need to set up Conduit Platform infrastructure. Conduit Platform enables mobile devices to communicate with ePO. Conduit Platform is an optional package available on the FRP 5.0.x Product Downloads page.
How do I select users in my environment to use EA to access FRP-encrypted files?
Within ePO, navigate to Data Protection, User Actions. From here, you can select users and then choose to enroll them for mobile device access (User action types drop-down list).
How do I control policies relating to EA, such as controlling the PIN strength?
This can be achieved through the Authentication policy. The policy applicable is displayed when users are selected for mobile device access.
How does the mobile device establish communication with ePO?
After users have been selected for mobile device access, they receive an email. Scanning the QR code or invoking the .mea file attached to the email from the mobile device initiates the registration process.
Users are required to authenticate with their domain credentials during the registration process.
What FRP encryption keys are available on the mobile device?
Encryption keys are assigned to the operating system token. Authentication is available on the mobile device for encrypted file access.
How are the FRP encryption keys protected on the mobile device?
They're protected with the EA PIN, which is similar to how the DE recovery key is protected.
What can users do when they forget the EA PIN?
On entering the wrong PIN three times, or clicking the Recover option, users are taken through a recovery process. During this process, they're required to authenticate with domain credentials. On successfully completing this process, users can reset their PIN.
What audit events/reports are available to the Administrator?
A default query is available in FRP Queries, Mobile, Events. The following is captured and reported back on ePO:
- Events relating to mobile device registration
- EA PIN recovery
- Encrypted file access actions