Desktop Agent Profile - End Point Security

Details of end point security section of ThinScale Desktop Agent Profile Editor.

Written by Diego

Last published at: February 13th, 2024

 

END POINT SECURITY - DUAL PERSONA 
 

 

Enable Dual Persona 
Dual Persona is a technology that lets you move the TDA local Windows user profile and ProgramData away from the local hard drive of the personal device (C:\Users). It creates an isolated BitLocker-encrypted virtual volume. This stops the employee from accessing those apps on their device and guarantees that the data is saved within this virtual partition on the disk, preventing any attempt to leak data and installing user-based applications on the encrypted drive.

TDA manages the encrypted virtual volume, which is only made available when TDA is active. When enabled, users can only save data to this encrypted volume. All other locations, including all local hard drive volumes, are marked read-only when accessed from within the TDA session (if the administrator allows the other volumes to be viewed). Only applications running inside the TDA session have access to the virtual volume.


Volume Size 
Select the maximum size of the virtual volume. Dual Persona is dynamically sized, so the allocation is an absolute maximum. If the data used is less than specified, the volume will not consume any more space than it needs (e.g., if the maximum volume size is set to 4 GB but only 500 MB of data is used, the virtual volume takes only 500 MB of space).
 

EXTREME CAUTION IS ADVISED

Take care when considering and calculating the MAXIMUM allocated drive size. Once it is set and the Dual Persona drive has been created on the endpoint, the drive cannot be resized without losing its contents unless they are backed up manually. Further changes in the profile won't have any effect unless the .vhdx files are located and deleted manually, using the local admin account, from the "C:\ProgramData\TDA\Disks" location.

 

 



Volume Label 
Specify the formatted volume label of the Dual Persona volume. 


Preferred Volume Drive Letter 
Select the drive letter that will be assigned to the Dual Persona Volume. 

 

After selecting the volume drive letter, you must allow the view under the profile section: Session Configuration - Device Restrictions.

 



Use an available drive letter if the preferred one is not available 
If enabled and the preferred drive letter is in use on the local device, TDA will use the first available drive letter on the device.

 

 

END POINT SECURITY - TEMPORARY STORAGE 
 



 

Enable Temporary Storage 
Temporary Storage is a technology that lets you create a temporary encrypted virtual volume on the personal device that users can use to save data from within the TDA session. TDA manages the BitLocker-encrypted virtual volume, which is only made available when TDA is active.

 

IMPORTANT

From v8, Temporary Storage permanently erases its content at session logoff or restart.

 



Volume Size 
Select the maximum size of the virtual volume. The Temporary Storage volume is dynamically sized, so it will only consume actual hard disk space when data is saved. 
 

EXTREME CAUTION IS ADVISED

Take care when considering and calculating the MAXIMUM allocated drive size. Once it is set and the Dual Persona drive has been created on the endpoint, the drive cannot be resized without losing its contents unless they are backed up manually. Further changes in the profile won't have any effect unless the .vhdx files are located and deleted manually, using the local admin account, from the "C:\ProgramData\TDA\Disks" location.
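The manual cleanup described in the caution notes for both Dual Persona and Temporary Storage can be scripted. The following is an added example, not ThinScale code: it inventories the .vhdx files, keeps a hash-verified copy, and only then deletes the originals after confirmation. The backup folder `D:\TDA-DiskBackup` is a hypothetical path. The script also assumes that TDA is not active, so the files are not locked. Copying the file is only a safety copy and is an assumption, not ThinScale's documented backup method.

```powershell
# Added example, not ThinScale code. Run from an elevated session as the local admin.
# Assumption: TDA is not active, so the .vhdx files are not attached or locked.
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param(
    [string]$DiskPath   = 'C:\ProgramData\TDA\Disks',  # location given on this page
    [string]$BackupPath = 'D:\TDA-DiskBackup'          # hypothetical backup target
)

$disks = Get-ChildItem -LiteralPath $DiskPath -Filter '*.vhdx' -File -ErrorAction Stop
if (-not $disks) { Write-Warning "No .vhdx files in $DiskPath"; return }

# Dynamically sized volumes: Length is the space consumed now, not the profile maximum.
$disks | Select-Object Name, LastWriteTime,
    @{ Name = 'SizeOnDiskMB'; Expression = { [math]::Round($_.Length / 1MB, 1) } } |
    Format-Table -AutoSize

New-Item -ItemType Directory -Path $BackupPath -Force | Out-Null

foreach ($disk in $disks) {
    $copy = Join-Path $BackupPath $disk.Name
    Copy-Item -LiteralPath $disk.FullName -Destination $copy -ErrorAction Stop

    # Delete only after the copy is byte-identical to the original.
    $src = (Get-FileHash -LiteralPath $disk.FullName -Algorithm SHA256).Hash
    $dst = (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
    if ($src -ne $dst) {
        Write-Error "Hash mismatch for $($disk.Name); original left in place."
        continue
    }

    # ConfirmImpact = High prompts per file; use -WhatIf for a dry run.
    if ($PSCmdlet.ShouldProcess($disk.FullName, 'Delete virtual disk file')) {
        Remove-Item -LiteralPath $disk.FullName -Force
    }
}
```

The copied .vhdx remains BitLocker-encrypted, so store it with the same care as the original volume.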

 

 



Volume Label 
Specify the formatted volume label of the Temporary Storage volume. 


Preferred Volume Drive Letter 
Select the drive letter that will be assigned to the Temporary Storage Volume. 

 

After selecting the volume drive letter, you must allow the view under the profile section: Session Configuration - Device Restrictions.

 



Use an available drive letter if the preferred one is not available 
If enabled and the preferred drive letter is in use on the local device, TDA will use the first available drive letter on the device.
 


 

ATTENTION

If you decide to enable the Virtual Disks (Temporary Storage or Dual Persona), you must create a BitLocker Virtual Disk in your console and assign it to the folder. For instructions, see the KB article "Management Console Virtual Disks".