Where a user first Login to Windows by FaceID on a device which has just completed installation of SecureDoc Pre-Boot, where one expects the "Convert to protect Key File using a token" to appear, nothing occurs.
Issue: In the scenario where this behavior was encountered, the user was synchronized from Azure AD to SES. The device is joined to Azure AD.
The user logged in to Windows with the AAD user account.
The device's C drive was encrypt using Bitlocker managed by SecureDoc.
The user logged in to Windows with FaceID authentication. In detail the steps were:
1. A package specifying RMO, SecureDoc Credential Provider, and Bluetooth was deployed to the endpoint device.
SecureDoc Boot Logon was installed, after which the device automatically rebooted
2. The user logged in to Windows via FaceID
3 - At this point normally the "Convert to protect Key File using a token" dialog should be prompted, but nothing happened.
Solution: This behavior is by design. In this scenario user has not yet entered a password at any point during steps 1-3. As a result, a the user's Key File has not been logged in, SecureDoc is unable to perform token conversion if the Key File is considered to to have no defined password.
Work-Around: The user should log in to SecureDoc Control Center using his/her Password, answer any Self-Help Recovery Questions which may be prompted (if that feature is enabled). This login process will apply the user's Password to the key file, permitting the post-logon token conversion actions to proceed as expected.
1961
- Updated on Feb 6, 2026
- 1 minute(s) read
- VN
Was this article helpful?