Pre-assigned policy (distributed via Client Configuration package) are not applied correctly in case of server contact
Known to apply to the following Sophos product(s) and version(s)
SafeGuard Device Encryption
All supported operating systems
What To Do
If the client has a valid network connection to the SafeGuard Enterprise Server at the time of first reboot after the installation, and can therefore received policies from the database, the following can occur:
The pre-assigned policy will be overwritten with any policy valid for that client configured in the SafeGuard Enterprise Management Center.
If there is no such policy, the policy in place is empty or the client/user account is not yet imported from AD the client will get "empty" policy information which will replace the pre-assigned ones.
In order to prevent this behavior make sure that you only assign pre-defined policy within the Client Configuration package if your clients do not have network connection or assign the same policy to the corresponding OU/Domain level within your AD imported structure.