Hi Toby, Thank your for your feedback Consider the following scenario: I will use file based full disk encryption on all non-boot volumes. I will use volume based full disk encryption on boot volume since this is the only option the persistent encryption is enabled I am quoting the following from the KB 117783 "When a user saves an encrypted file with Save As under a different file name in a location not covered by an encryption rule, the file will be plain text." The user opens a file from a file based encrypted volume then use Save As option and saves the file with a different name on location on the boot volume The new file will not be encrypted (the boot volume is using volume based encryption) and he can send it (using email for example) and the recipient can read the file without needing SGN cleint and key Is there is a way to prevent that and make the file always encrypted anywhere on the computer?
↧