Endpoint monitoring not compatible with upgraded encryption settings
Instructor, no.
Incydr Professional, Enterprise, Horizon, and Gov F2, no.
Incydr Basic, Advanced, and Gov F1, yes.
Overview
Attempting to enable endpoint monitoring in an organization that uses upgraded archive encryption key security results in one of the following error messages:
- "Your changes cannot be applied because one or more organizations use upgraded encryption settings."
- "Your changes cannot be applied because this organization or child organizations use upgraded encryption settings."
Endpoint monitoring and upgraded archive security cannot be used at the same time. Upgraded archive security settings prevent access to a user's archives from any external source, including the Code42 cloud attempting to perform endpoint monitoring functions.
Considerations
- Upgraded archive security may be enabled by:
- Administrators via the Code42 console
- Users via the Code42 agent (unless an administrator locked the archive encryption key setting)
Recommended solution
Reconfigure the users and organizations in your Code42 environment so users with upgraded archive encryption are not in organizations that use endpoint monitoring. Endpoint monitoring and upgraded archive security cannot be used at the same time.
To enable endpoint monitoring for a user with upgraded archive security, follow the steps in the alternative solution below to restart the user's backup.
Alternative solution
The archive security level can never be downgraded, so the only way to enable endpoint monitoring for a user with upgraded archive security is to create a new account for the user and perform a new backup with standard archive encryption.
Repeat the steps below for each affected user.
- Sign in to the Code42 console as an administrator with permissions to manage the affected users.
- Select Administration > Environment > Users.
- Select the affected user.
The User details screen appears. - Select Actions > Edit account details.
- Change the Email Address to indicate this account is no longer in use. For example, change clyde.bailey@example.com to clyde.bailey-deactivated@example.com.
This allows you to re-use the the user's actual email address for the new account. - Click Save.
- Deauthorize the user's devices. Follow these steps for each device associated with the user:
- From the user's details, select the user's device.
- The device details screen appears.
- Select Actions > Deauthorize.
The user is signed out of the Code42 agent on the device.
- Select Administration > Environment > Users.
- Click the Create user to create a new account for the user.
- Lock the archive encryption key setting:
- Go to Administration > Environment > Organizations.
- Select the user's organization.
The organization details screen appears. - Select Actions > Device backup defaults.
- Select Security.
- From Archive Encryption Key, deselect Use default archive encryption key setting.
- Select Standard.
- Click the lock icon.
This prevents users from changing this setting.
- Instruct the user to sign in to the Code42 agent using the new account, and click Start Backup.
- Wait for the new backup to be 100% complete.
- Deactivate the user account with upgraded security. This account's username was updated in Step 5 above to indicate it's no longer in use.
After deactivation, the files backed up by this account cannot be restored, so it is important to make sure the backup for the new user is complete. - Enable endpoint monitoring.