Security Configuration Scenarios

To improve the computer security, Endpoint Manager V9.1 provides the capability to follow the NIST security standards by configuring an enhanced security option. This setting enables SHA-256 as the hashing algorithm for digital signatures as well as content verification. It also enables the TLS 1.2 communication among the Endpoint Manager components.

You can set the enhanced security option only after the Endpoint Manager V9.1 installation or the upgrade of all components to Endpoint Manager V9.1. If you have a mixed environment, to keep the product compatibility with earlier versions of the Endpoint Manager components, do not set the enhanced security option or, before setting it, upgrade the Endpoint Manager components to V9.1.

In addition to the enhanced security setting, you can now set a check for verifying the file download integrity using the SHA-256 algorithm. If you do not set this option, the file download integrity check is run using the SHA-1 algorithm. This new option does not break the compatibility with Endpoint Manager V9.0 components and can be set only if you set the enhanced security option.

In a complex environment, you can enable the enhanced security option, only after all the DSA servers are upgraded to Endpoint Manager V9.1 and have got a new license.