Dell Data Guardian Windows, Mac, Mobile, and Web User Guide v2.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2016-2019 Dell Inc. All rights reserved.Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Introduction....................................................................................................................................................7 Overview............................................................................................................................................................................. 7 Encryption Options for Data Guardian.......................................................................................................................
Check for Policy Updates................................................................................................................................................23 Locate Log Files................................................................................................................................................................23 Upgrade Data Guardian.............................................................................................................................................
Use Protected Office Documents with Mobile.......................................................................................................47 Protect Non-Office File Extension Types with Data Guardian............................................................................. 48 Use Cloud Protection with Mobile........................................................................................................................... 48 Use Additional Policies with Mobile...............................
Identify those in your access group.........................................................................................................................63 Use a transitional period to process shared files....................................................................................................63 Collaborate on newly created files after the transitional period...........................................................................
1 Introduction The Dell Data Guardian User Guide provides the information needed to install and use Data Guardian on Windows, Mac, Mobile, or a web portal. Overview Data Guardian can protect data in a large number of file types whether stored locally, shared with other users in various ways, or stored on removable media. Your administrator can enable policies that protect data, for example: • Basic File Protection - Your administrator defines non-Office file extensions to protect (like .txt or .
• Policy settings Basic File Protection (Windows, Mac, mobile, and web portal) Your administrator can configure a policy to specify non-Office applications and file types to be encrypted. Your administrator will inform you which file extensions will be swept and protected (like .txt or .png) and the applications that can open the file type to your enterprise. Option Description Basic File Protection Windows, Mac, and mobile - These files are swept and encrypted.
Office documents - Windows Your administrator can set additional Data Guardian policies to control or prevent data loss through these options. Encryption behavior may differ depending on the mode.
Option Description (Opt-in and Force Protect modes) Access Groups (on-prem) When enabled by your administrator, only people in your access group can view your encrypted files. You can also grant access to internal and external users for individual files and they can request access. (Windows, Mac, mobile, and web portal) Encryption behavior may differ depending on the platform and mode.
Platform Location of policy settings Mac Preferences pane Mobile Settings icon > About Web portal Settings icon > About Additional Support Should you need additional support beyond this document, contact your administrator. Data Guardian User Guide v2.
2 Requirements Client hardware and software requirements are provided in this chapter. Dell Server Data Guardian for Windows, Mac, and Mobile requires Security Management Server or Security Management Server Virtual v9.6 or higher. The Data Guardian web client requires Security Management Server or Security Management Server Virtual v9.8 or higher.
NOTE: For Windows 7 and Windows 8.1, the computers should be up-to-date with Windows Updates. For more information, see https:// support.microsoft.com/en-us/help/2919355 and https://support.microsoft.com/en-us/help/2999226. .msi prerequisites You must install Microsoft Visual Studio C++ 2017 Redistributable Package (x86 and x64). NOTE: In addition, if running MSI, you must also install Visual Studio 2010 Tools for Office Runtime (x86 and x64). General prerequisite Microsoft .Net 4.5.
NOTE: Data Guardian is not compatible with Microsoft's Windows Defender Exploit Guard (WDEG) in Redstone 3 and higher or with Enhanced Mitigation Experience Toolkit (EMET) in Redstone 2 and lower. Windows 7 is not supported with the geolocation policy for Data Guardian audit events. Data Guardian does not support multiple versions of Office on one computer. Microsoft Office Data Guardian supports the following versions of Office. However, you must have just one version of Office installed.
Cloud Storage Providers Based on policy settings, the following can display in the Data Guardian for Mac interface. The user does not need to download or install the cloud sync client. Cloud Storage Providers • Dropbox • Box • Google Drive NOTE: Google Backup and Sync is not supported. • OneDrive • OneDrive for Business Microsoft Office Data Guardian for Mac supports the following versions of Office.
iOS Operating Systems • iOS 10.x—10.3.3 • iOS 11.x—11.4.1 • iOS 12.x—12.3 Chromebook Operating System Chrome OS version M53 or higher is required to run Android applications on Chrome OS. These devices are validated to run Android apps on Chrome OS, but confirm your option with your sales representative: • https://www.chromium.org/chromium-os/chrome-os-systems-supporting-android-apps Microsoft Office Data Guardian for Mobile Application can open files created with the following versions of Office.
Virtualized Environments – – – – – • An Operating System is not required See http://www.vmware.com/resources/compatibility/search.php for a complete list of supported Host Operating Systems Hardware must conform to minimum VMware requirements 4 GB minimum RAM for dedicated image resource See http://pubs.vmware.com/vsphere-55/index.
Adobe Acrobat For Windows and Mac, protected .pdf files can be opened with Adobe Acrobat Reader DC. NOTE: The following are not supported: Adobe Acrobat Standard DC, Adobe Acrobat Pro DC, and Adobe Acrobat DC. 18 Data Guardian User Guide v2.
3 Install or Uninstall Data Guardian on Windows You must be a local administrator on the computer to install Data Guardian. Be prepared to restart the computer after Data Guardian is installed. Overview of Installation Tasks for Windows This overview summarizes the sequence for installing Data Guardian. Install Data Guardian Task Description For More Information Install Data Guardian Determine the following: User installs: See Install Data Guardian Interactively on Windows.
Hosted Dell Security Center On-prem Dell Management Server If your hosted environment is multi-tenant, you will need an Installation ID. Be sure you know the name of the Dell Server. Install Data Guardian Be prepared to restart the computer after Data Guardian is installed. 1 To download the Data Guardian installer, go to the location specified by your administrator. 2 Based on your operating system, select either the 32-bit or 64-bit installer, and copy it to the local computer.
NOTE: Depending on the way Data Guardian is deployed within the enterprise, activation may not be immediate. However, if activation does not occur, the user must manually activate.
• Web portal: – If already logged in and you upload an encrypted file, a message states Upload failed. – If an encrypted or unencrypted file has been uploaded and then the tenant is suspended, a Download failed message displays. – If you log out and try to log in again, a dialog displays stating that the tenant is suspended. External users with access to some keys may also see a message that the tenant is suspended. Contact your administrator.
Folder: The full path name of the folder. Last Modified: The date the file was modified. Persistence State: This indicates whether the file is on disk. XEN File Read: This feature has been disabled. Browser Created: True or False. To view log files, from the bottom-right corner of the Details screen, click View Log. NOTE: Log files can be also be found at C:\ProgramData\Dell\Data Guardian. Previously, Data Guardian's Cloud Encryption had a Folders area of the Details screen.
Uninstall Data Guardian You must be a local administrator on the computer to uninstall Data Guardian. Copy Files to Your Local Drive If you uninstall Data Guardian from your computer or device, files on the sync client website still need to be secure so they remain encrypted. 1 Before you uninstall, determine if you need to access any files. 2 Copy those files to your local drive. The folders and files on the sync client website will be encrypted, even if you download them.
4 Use Data Guardian with Windows Your administrator has already configured policies to protect documents and will tell you which of these options apply to your enterprise. Overview of Options This overview summarizes possible options for Data Guardian based on policy set by your administrator. These documents will be secure whether your data is in use, at rest, or in motion as you share them with others or store them on removable media.
NOTE: If you open an Office document and a cover page displays with installation or activation information, your administrator may have set policies to protect Office documents. Confirm that Data Guardian is installed and activated. See Possible Issues With Activating - Cloud and Protected Office. Protect Non-Office File Extension Types with Data Guardian Your administrator will inform you if policies allow additional applications and file types to be encrypted.
IMPORTANT: You must create the folder before the administrator enables the Basic File Protection policy. 1 Use the folder name and path provided by your administrator. 2 Add files with the specified extension, like .txt, that do not need to be encrypted. Optionally, you can add subfolders with user-created names. NOTE: If you have files with that extension that were previously encrypted, placing them in that folder will not decrypt them. They remain encrypted.
• An unauthorized user accesses one of your Office files - The cover page displays with an enterprise-specific message, but the user cannot view the content of the file. Observe File Menu Options Protected Save As To determine if your administrator has enabled Data Guardian policies, open an Office document and select File. If Protected Save As displays in the left pane, you have additional protection on Office documents.
– Documents > Secure Documents folder - With Opt-in mode (but not Force-Protected mode), a Secure Documents folder is added to the root of the Documents folder. Office documents in this folder are encrypted. If you remove a protected Office document from this folder, it remains encrypted. If you rename the folder, the renamed folder's contents are encrypted. If you delete the folder, it is recreated. • Force-Protected mode - Your enterprise requires a higher level of security.
If you use Tags in an Office document to trigger a classification used in the policy's file tag metadata, the tag you use in the Office document is case sensitive and must match the case used by your administrator in the policy. NOTE: If this policy is enabled, a sweep will cause files that meet the content rules to be encrypted. However, when you create the file, you can right-click and select Protect File. See also Outlook Email Encryption with Data Guardian.
File menu Force-Protected mode for Protected and Unprotected Open Unprotected documents are swept and encrypted. If your administrator enables the following by policy, you can create or add unprotected documents in these locations and open them in Edit mode: Save • • Unprotected Documents folder at the root of your Documents folder Excluded folder with a name given by your administrator • • The document is protected. Read-only document - You can edit it but cannot save the original.
3 After you enter the address or return address, click Print. NOTE: If you use another option to print and your administrator set a policy to add a watermark for printed Office documents, a watermark will display on your envelope or label. Protect Outlook Emails and Attachments with Data Guardian Attach a Protected Document to an Outlook Email When attaching a protected document to an Outlook email, select Insert instead of Insert as Text.
If your enterprise also enables a classification policy for Data Guardian and Outlook email, if any data specified in the classification policy, like Social Security Number or account number, is in the email, the email will be protected. Tampering and Protected Office Documents Data Guardian can scan protected Office documents to detect some forms of tampering. If an internal user tampers with a protected Office document: • Data Guardian can repair or restore some tampering.
3 Click OK. The document is saved, protected, closed, and then reopened. NOTE: If you modify the dates for an unprotected Office document and then click Cancel, Data Guardian still protects the file. NOTE: Currently, when adding date restrictions to a protected Office document and planning to save it to a network drive, you must save the file locally and then copy it to the network.
If you set the Begin Date field to a future date or time and the external user opens it prior to that time, a message explains that the file cannot be opened until that date and time due to access restrictions. Data Guardian User Guide v2.
5 Install and Use Data Guardian with Mac Data Guardian for Mac has embedded Help for specific screens that provides information on: • Dell Data Guardian interface where users can upload files to encrypt them • Cloud Encryption • External users and access restrictions • Tampering In the Dell Data Guardian interface for Mac, click the Help icon. Install Client for Mac If your administrator has added you to your enterprise's whitelist, you can register at: https://yoursecurityservername.domain.
2 Click Continue. 3 Click Install, then go to step 10. 10 In the dialog, enter your user name and password and click Install Software. 11 On the Summary window, click Close. 12 When prompted, either keep the .pkg file or move it to Trash. 13 Do one of these: Hosted Dell Security Center On-prem Dell Management Server The Credentials window automatically opens after you install. If your 1 enterprise is multi-tenant, you will need an Installation ID.
NOTE: Do not select the SSL Errors check box unless your administrator instructs you to do so. 3 Enter your email address and password. 4 Click Login to activate Data Guardian. 5 See Dell Data Guardian application below. For more information on authentication, see the online Dell Data Guardian Help. Dell Data Guardian application When the Dell Data Guardian application opens and activation is successful, the faded cloud storage provider name displays in the left pane.
When authenticated, the cloud storage provider name is activated. Hosted Dell Security Center and Suspended Tenant With Hosted Dell Security Center, if a tenant fails to make payments for a specified period of time, that tenant can be suspended. This applies to Windows, Mac, mobile, and web portal. Internal and external users of Data Guardian may experience the following: • All platforms - If you try to install Data Guardian, activate, or log in, a dialog displays stating that the tenant is suspended.
• Notepad • Wordpad • Visio • MS Paint NOTE: Some applications are only partially supported with Data Guardian, and your administrator will inform you of those. File types These are examples of additional file types that can be configured: .txt, .rtf, .csv, .odt, .vsdx, .png, .jpg, .jpeg, .jpe, .jfif, .gif, .tif, .tiff, .bmp Basic File Protection and Mac When the Basic File Protection policy is configured, Data Guardian sweeps users’ computers and encrypts all local files with those extensions.
Your administrator may decide to remove a file extension. If so, your computer is swept to decrypt those file types. • The encrypted file's Properties > Dell Data Guardian tab no longer displays. • The files may take several minutes to complete decrypting. If a file with that extension is still encrypted, it may have been open during the sweep or stored on a file server or other location. Contact your administrator to request recovery of any files with that extension that will not decrypt.
6 Install and Use Data Guardian Mobile with iOS or Android This section describes basic information on using Data Guardian Mobile with iOS or Android devices. When your administrator sets a policy to enable Data Guardian, files are encrypted and secure. The Data Guardian app must be installed on your mobile device to view or work with encrypted files.
• Non-Office files in the cloud have a .xen extension.
3 At the license agreement, tap Accept. 4 At the option to select Workspace ONE or Data Guardian, tap Workspace ONE to have single sign-on. 5 Enter your password. 6 When prompted, create a PIN. NOTE: If you sign in to Workspace ONE, you will only need to enter your PIN for Data Guardian. Your account is now activated, and the Data Guardian File Manager screen displays.
3 At the Dell Data Guardian app, tap Install. 4 At Confirm Installation, tap Install. 5 At Google Play Protect, tap Allow. 6 At the App installed message, tap Done. 7 Tap Open to launch the Data Guardian app. 8 At the option to authenticate with Workspace ONE or Data Guardian, tap Workspace ONE to have single sign-on. 9 At the license agreement, tap the checkbox. 10 Tap Single Sign On. 11 When prompted, create a PIN.
• Browser • File Manager • Settings icon: – Change PIN button (if enabled by policy) – Browser – File Manager (Settings) - Use these options ◦ Refresh Interval - How frequently Data Guardian syncs your cloud services. Dell recommends Manual or Daily. Other options are , Hourly or Weekly. ◦ 10 MB download warning - Enable or disable. Use this if you are not on Wi-Fi and the download size exceeds 10 MB. ◦ Clear cache - Clears temporary files.
Use Protected Office Documents with Mobile Your administrator will tell you which options are enabled for your enterprise. When you have Data Guardian installed and open a protected Office document, a message displays that the document is decrypting. Data Guardian Options for Office Documents These Data Guardian options display. • Create - Based on the policy setting, the document is protected when you create it. The header of this file displays Protected Document.
Protect Non-Office File Extension Types with Data Guardian Your administrator will inform you if policies allow additional applications and file types to be encrypted. If an unauthorized person opens a file encrypted with Basic File Protection but does not have Data Guardian installed, the content is unreadable.
3 Do one of these by following the online instructions: • Create an account with the cloud storage provider. • Sign in to an existing cloud storage provider account. NOTE: For more information, see your cloud storage provider help. NOTE: If you download the cloud sync client app to your device, Data Guardian does not encrypt any folders or files that you upload directly from that app. To encrypt and protect files, you must use the Data Guardian app to upload them.
Troubleshooting Cloud Protection With Dropbox for Business, if you mark a file as available Offline and then rename the file in the Dropbox website, the file will not open on the iOS device with the Data Guardian app. Use Additional Policies with Mobile Your administrator will tell you which of these policies have been set for your enterprise. Use a PIN Your administrator may set a policy requiring a PIN and setting its length.
Hosted Dell Security Center and Suspended Tenant With Hosted Dell Security Center, if a tenant fails to make payments for a specified period of time, that tenant can be suspended. This applies to Windows, Mac, mobile, and web portal. Internal and external users of Data Guardian may experience the following: • All platforms - If you try to install Data Guardian, activate, or log in, a dialog displays stating that the tenant is suspended.
7 View or Edit Protected Files on a Web Client If your administrator sets up a Data Guardian web portal, you can link to a URL for that web client and view encrypted files without installing a Data Guardian client. Based on policy, you can also edit a file. Based on policy set by your administrator, you can view the following: • Protected Office documents: .docx, .pptx, .xlsx, .docm, .pptm, .xlsm, .pdf. • .xen files - Office or non-Office files that Data Guardian encrypted when uploaded to the cloud.
• MS Paint NOTE: Some applications are only partially supported with Data Guardian, and your administrator will inform you of those. File types These are examples of additional file types that can be configured: .txt, .rtf, .csv, .odt, .vsdx, .png, .jpg, .jpeg, .jpe, .jfif, .gif, .tif, .tiff, .
• Web portal: – If already logged in and you upload an encrypted file, a message states Upload failed. – If an encrypted or unencrypted file has been uploaded and then the tenant is suspended, a Download failed message displays. – If you log out and try to log in again, a dialog displays stating that the tenant is suspended. External users with access to some keys may also see a message that the tenant is suspended. Contact your administrator. 54 Data Guardian User Guide v2.
8 Use Data Guardian as an External User An external user who has a non-domain email address can also use Data Guardian on a mobile client or the web portal. Here are some examples. • You have installed and activated Data Guardian as part of your enterprise, but you need to share protected files or collaborate on protected files with a user outside your company.
Approve or deny access when an external user requests access An external user who has Data Guardian installed on a mobile device can request access to a protected document if they do not have a key for that document. 1 If you receive an email from an external user, requesting access to a protected document, you can view the name of the external user and the file requested. 2 Select Approve or Deny. An email is sent to the external user. If you approve, the key for the protected document is shared.
External User and Mac Tasks Internal User Tasks for Mac Share a document with an external user: • Protected documents - Send to the external user by email, network share, or removable storage. • If Data Guardian's Cloud Encryption is enabled - In the Dell Data Guardian interface, drag protected files to the column next to the cloud storage provider column. External User Tasks A cover page displays for Office documents and PDFs. For Data Guardian v2.
2 Follow one set of steps based on the environment of your enterprise: Hosted Dell Security Center On-prem Dell Management Server A hosted Software as a Service (SaaS) solution for managing Dell An on-prem Server located within the enterprise network for Data Security software. managing Dell Data Security software. a b c d e f When the Dell Data Guardian web portal opens, enter your email address. Scroll down and click Agree.
• Send the external user the enterprise's URL for accessing the Data Guardian web portal. • Send a protected file to the external user. When the user opens the file, a cover page displays. The external user can only view protected Office document .pdf files and .xen files or edit files based on policy. However, the external user does not have to download a Data Guardian client.
2 Wait for an email from the internal user stating whether access was granted or denied. NOTE: If you do not receive an email from the internal user, you must wait 48 hours before requesting access again. If you open the protected file before the internal user approves access, a message displays that the request is pending.
9 Enhance Security with Data Guardian's Access Groups (On-prem) Data Guardian's Access Groups enhance security by creating user groups that can collaborate on encrypted data. Users outside a group cannot access or view the data unless the owner of the file grants access. Access Groups can include internal and external users. You can use Access Groups with Windows, Mac, mobile, and web portal.
Regain access to shared, encrypted files after the transitional period For Windows and Mac in Opt-in mode, you can do the following to regain access: • • Protected Office documents - A dialog prompts internal and external users to request access, and the owner of the file can decide whether to grant access. Additional file types encrypted through Basic File Protection - No post-share prompt exists.
• • Internal users outside your access group - Users should open any shared files during the transitional period to gain access to the key. If they do not open a shared, encrypted file during this brief period, they lose access to the file. External users not in your access group - If you already granted access to an encrypted file, the external user will continue to have access after the transitional period.
• Additional file types, such as .txt or .png, configured for Basic File Protection • Content Based Protection files - previously Data Classification (Windows) • TITUS Classification files (Windows) If you already collaborate on files or share them with internal or external users, those users may or may not be in your access group. The best practice for a smooth transition is to have a brief, transitional period to process any of those encrypted files that are shared with other users.
• Additional file types, such as .txt or .png, configured for Basic File Protection The best practice for a smooth transition is to have a brief, transitional period to process any of those encrypted files that are shared with other users. You must log in to your computer during this transitional period.
6 Click OK. A success message displays. NOTE: External users cannot share the protected document with another external user. If this is the first time for an external user to receive a Data Guardian protected file, the user must install Data Guardian or use the web portal to view the protected file. Pre-share Protected Files on Mac You must have Data Guardian installed and be assigned to one or more access groups.
Pre-share Protected Files on the Web Portal If an internal or external user is not in your access group, you can pre-share a protected file. 1 In the web portal, upload a protected document. If your administrator has placed you in one or more access groups, a Protected File Access icon displays next to the Download icon. 2 Click the Protected File Access icon. In the Protected File Access Sharing UI, the document name displays in File Selected. 3 In Email to Share, click Add New.
Modify who has access to protected emails Based on policy set by your administrator, you can right-click an email that you protected and sent to users in your Access Group. You can modify who has access to that email. 1 In Outlook, right-click an email labeled as [PROTECTED]. 2 At the bottom, select Protected Email Access. A list displays of users with whom you have shared access. 3 Remove individual users if you no longer want them to have access to the protected email.
10 Frequently Asked Questions Miscellaneous FAQs Question I renamed my computer. Now, I am not getting any policy updates. Answer Currently, the Dell Server only recognizes the endpoint against which you originally activated. If you change the endpoint name, the Dell Server does not recognize the location for sending the policy and Data Guardian does not perform as expected. Solution Uninstall Data Guardian and then reinstall. You must have administrator rights to uninstall.
6 Click OK. 70 Data Guardian User Guide v2.