Some attention to the interface would seem necessary to address perceived "shortcomings" in the product regarding external media (thumb drives...)
Background:
Policy set to always encrypt. Dialog box pops up asking if user wants to encrypt.
Currently:
No encryption takes place until the dialog box is addressed even though policy is to always encrypt.
This leaves a window of opportunity for the user to not encrypt the drive/data. Arguably that is nice, in the event the drive is not yours, and it would be problematic to encrypt data on a drive that is from a user outside of the organization...
But the dialog box alone is insufficient to address the options, and instead leads to confusion for the user, possibly leading to leaked unsecured data.
Proposal:
Policy overrides dialog box at the instant an external drive is inserted, or
Dialog box makes clear the option of ejecting the drive (like, perhaps an eject button :) to prevent encrypting someone else's drive.

Alternatively, any unencrypted media is mounted read only until the user chooses to encrypt.

Hi,
User reported that Windows Spotlight / lockscreen image change is not working after Sophos installation.
As we gone through below KB article, it seems lock screen and spot light images are managed by Sophos Safeguard (the credential provider).

We confirmed that after sophos installation it’s happening to all laptops. PFA snapshots and mails FYKR.
Raised a case with Sophos (Case ID # 8378537), and the said it’s not possible. “There is no official way to change the lockscreen on a machine protected by SafeGuard Enterprise, this is by design.”
Our issue is spot light images are not changing automatically, please help us to fix.
We need this to be enabled / implemented.

https://community.sophos.com/products/safeguard-encryption/f/sophos-safeguard-products/97499/sgn8-change-the-windows-logon-account-icon
http://sophos.com/kb/112731

Thanks,
Alagesh B
IT Helpdesk Lead
TATA Coffee Ltd
+91 9972810052