MS Data Encryption Policy - controlling access

ZCM 2020.  This may be more of a Microsoft question, but I've spent some time searching and have yet to find an answer.  I just created a test policy for MDEP.  The policy just encrypts a single folder and is assigned to my PC.  As soon as the policy applied, the folder and its files changed color signifying they were encrypted.  I logged into the PC as another user assuming the files would be encrypted and the second user would not have access.  But I was able to open and read the files.  Am I missing something within the ZCM Security Policy or is there something additional required on the Windows side to make this work properly?

  • Verified Answer

    And after a little more digging, I found the following in the ZCM help screen:

    -------------------------------------

    Folders that you add to the Default Encrypted Folder list can be private to the end user or public, depending on the folder path. Any folders you add in the user’s directory are private folders, and any folders you add outside the user’s directory or public folders. For example:

    • Private folder: C:\%USERPROFILE%\Documents

    • Public folder: C:\EncryptedDocuments

    IMPORTANT: All folders created by a user on a device with the policy applied are private folders. Public or multi-user folders as described above are NOT currently supported.

    -------------------------------------

    The above was copied directly from help...I think this line "and any folders you add outside the user’s directory or public folders." should read "and any folders you add outside the user’s directory ARE public folders."

    The IMPORTANT section first states that all folders created by the user are private.  This is wrong.  My testing shows that folders created within the user's profile are private.  And the reason my first test was failing was because I created what is defined above as a public folder.  This text should be corrected also.

    But at least I know how it works now.
