With SafeConsole 5.2 admins can now require devices to have a connection to SafeConsole before they can be unlocked. This can be used in conjunction with other policies. 

Forcing a connection with Device State, for example, will make it so users can not circumvent GeoFence and Trusted Network policies and that they will always have the latest policy and real-time file auditing. 

By Selecting "*Always" from the dropdown a live connection to SafeConsole will be required to unlock the device. The device will require firmware version 4.8.25+ to enforce this policy.

The device will not need to be unlocked on a computer in the Trusted Zone. If you would like to require that all unlocks happen from a defined network either enable "Only allow device usage on computers linked within your Trusted Zone" found in the ZoneBuilder Policy and use trusted networks or use GeoFence to disable devices

Please note: Device State will override ZoneBuilder if both are enabled.

If Device State is enabled along with ZoneBuilder the device will still be able to unlock if the User's computer is in the Trusted Certificate Zone.