PreVeil Customer Onboarding Guide

Get to Know Your PreVeil Organization

When your organization is created in PreVeil, it automatically benefits from Defense Industrial Base (DIB)–level security settings and protections. These enhanced safeguards ensure your users and data are protected according to best practices for secure collaboration within regulated industries such as defense and government contracting.

Key Protections Enabled for Your Organization

• Defense Industrial Base (DIB) Settings:

  • These settings enforce stricter security controls and data-handling policies across your organization. They are designed to support compliance with standards such as CMMC, NIST 800-171, and other DIB-related frameworks.

• Domain Lock:

  • This feature restricts free user account creation associated with your organization’s verified email domain(s), preventing unauthorized users from joining the PreVeil community under your email domain(s).

Together, these features ensure your organization operates within a trusted, compliant, and secure environment, far beyond the protections available to free PreVeil accounts.

📘 Learn more:

• https://preveil.atlassian.net/wiki/spaces/ESD/pages/3006365704

• https://preveil.atlassian.net/wiki/spaces/ESD/pages/2713026693

Pre-Onboarding Checklist

As part of your onboarding process, we ask that you please first create your PreVeil account and organization. This will allow your IT team or MSP to check for any problems with the PreVeil application running in your specific environment, whether an antivirus or security measure is blocking or quarantining necessary components to run the application properly.

Please have your IT team or MSP review the PreVeil Admin Checklist.

• We ask that at least steps #1 through #3 in the PreVeil Admin Checklist are please completed prior to your onboarding call to ensure your environment is able to properly run PreVeil.

• Please watch this video for the information needed to complete steps #1 through #3.

• Step #3 will create your PreVeil organization/tenant, establishing your premium service accounts and your organization’s protective settings.

Additionally, please have your IT team or MSP review these documents:

• PreVeil System Implementation Guide for IT Administrators

• Onboarding Checklist Networking and Client Software Access

After these steps have been completed, you will be fully prepared for your upcoming technical onboarding session.

👥 Who Should Attend

To make the session most effective, we recommend the following attendees:

• IT MSP or Administrators – for technical setup and configuration

• Organization Leadership / Admins – decision-makers and primary PreVeil users

• End-Users – optional; can join the second half of the full session to learn Drive & Mail

👉 The administrator who created the organization or another administrator user should also be ready to share their primary desktop screen (with system tray view) so we can walk through PreVeil’s core features.

• Depending on your preference, we can verbally guide you or request remote control (if Zoom Workspace is installed on your device) to walk you through the application.

📞 What to Expect in Your Onboarding Session

During this session, we will:

• Provide a guided walkthrough of the PreVeil application

• Review the Admin Console and how to manage your organization

• Share best practices and support resources (knowledge base, support site, ticketing system)

• Answer your questions and ensure your team feels confident using PreVeil

  • Our support team member will move steadily through the session as there are many topics to cover, but there will be a few brief pauses to allow for Q&A during the meeting

✅ Recording & Follow-up: The session will be recorded (via Zoom + ZoomAI notetaker). You’ll receive a follow-up email with:

• A summary of your organization’s settings and protections

• A link to the passcode-protected recording (please download within 2 weeks before it’s removed from Zoom Cloud) that can be distributed to your team.

🗓️ Session Options

You can choose one of two onboarding options:

Option 1 – Full Onboarding Training Session (60 minutes)
A complete walkthrough of the PreVeil application with a support team member. This can be scheduled using the following Calendly link: PreVeil Onboarding Meeting Request (Up to 60-minutes)

Option 2 – Self-onboarding Video with a Follow-up Consultation Call (30 minutes)
After watching our self-onboarding video, which is a comprehensive overview similar to the full session the support team provides, schedule a shorter consultation call with a support team member to address:

• Questions from the video

• Best practices

• Use cases specific to your environment

This consultation meeting can be scheduled using the following Calendly link: PreVeil Consultation Call (Up to 30-minutes)

📋 Agenda

60-Minute Onboarding Session

First Half (30 minutes)

• Admin Console & Organization Settings – 30 min

  • Admin Console - Users

  • Admin Console - Approval Groups

  • Admin Console - Trusted Community

  • Admin Console - Email Groups

  • Admin Console - Approval Requests

  • Admin Console - Activity Logs

  • Admin Console - Data Export

  • Admin Console - Secure Email Gateway

  • Admin Console - General Settings

  • Admin Console - Device Settings

  • Admin Console - Cloud Lock Settings

Second Half (30 minutes)

• Introduction to Drive (file storage & sharing) – 15 min

  • Drive functions

  • Folder creation and sharing with permissions

  • Accessing the local PreVeil Drive directory (if applicable to your environment)

  • Syncing folders up/down (if applicable to your environment)

  • PreVeil Drive Best Practices

• Introduction to Mail – 3 min

  • Interface introduction

  • Composing messages

  • Mail client integration options (if applicable for your environment)

    • Classic Outlook Plugin

      • Additional Outlook Add-in to add a Message Encryption Banner and auto-encryption feature

    • Gmail Plugin

• Support & Resources

  • Account Settings Menu – 3 min

    • Personal Approval Requests

    • Device Management

    • Account Recovery PDF File (if no Account Recovery Group is created yet)

    • Account Recovery approval process

  • Key Menu – 2 min

    • Running diagnostics

    • Exporting Key Menu application logs

    • Accessing Mail/Drive and the Support Site

  • PreVeil Support Site (AI Chatbot & Resources) – 2 min

  • Knowledge Base – 2 min

  • PreVeil Support Desk Ticketing System – 3 min

30-Minute Follow-up Consultation Call

• Q&A after reviewing the self-onboarding video

• Best practices for the Admin Console, Mail, and Drive

• Environment-specific questions and use case scenarios

❓ Frequently Asked Questions

Here are some of the most common questions addressed during onboarding sessions:

Account

• What’s the difference between a Full PreVeil Account and a PreVeil Express Account?

  • PreVeil Express is a browser-based web application that allows users to access PreVeil without installing client software. It’s ideal for tightly controlled IT environments where software installation or network policies may restrict endpoint configurations.

  • Full PreVeil Desktop Account requires installing the PreVeil client. Users authenticate using their encryption key, no login credentials or MFA are required. The key data is stored locally on the device for security purposes.

  • To learn more: https://preveil.atlassian.net/wiki/spaces/ESD/pages/2461892667
    
    

• Can I enable MFA for logging into PreVeil?

  • PreVeil itself uses encryption key–based access and does not require MFA. However, administrators can enable MFA on the operating system level. This can be configured using Windows Environment Variables or Group Policy Objects (GPOs) to require MFA at user login, adding another layer of protection to devices running PreVeil.
    
    

• How do I invite users to PreVeil?

  • Internal users can be invited via the Users list in the Admin Console.

  • External users can be invited by sending them an encrypted email or shared folder from your PreVeil account.
    
    

• What happens to a deleted user’s data?

  • When a user is deleted:

    • All their Mail, Drive, and logging data is permanently deleted from your organization’s storage.

    • Some third-party applications (e.g., Microsoft Outlook) may retain local cached data.
      
      

• How do I offboard users who leave my organization?

  • To offboard a user, please follow the instructions in Offboarding a User from Your PreVeil Organization.
    
    

• How can I recover access to my PreVeil account?

  • You can recover your account using one of the following methods:

    • Account Recovery Group (primary and most reliable method) – Recover your account through your organization’s designated recovery group.

    • Secondary Device – Copy your existing private key from another trusted device.

    • Recovery Code File – Use your Secret Key from the Recovery Code File.
      
      

• How can PreVeil Express (web) users protect their accounts?

  • PreVeil Express users should review the PreVeil Express Account Recovery Guide for steps to securely back up and recover their accounts.
    
    

• How do I activate my account on a new computer?

  • You can move your account to a new computer by:

    • Account Recovery Group – Recover your account through your organization’s designated recovery group.

    • Secondary Device – Copy your existing private key from another trusted device.

    • Recovery Code File – Use your Secret Key from the Recovery Code File.

Drive

• What happens to a shared folder when the owner’s account is deleted?

  • The shared folder remains available as long as another user has Edit & Share permissions to assume folder ownership after deletion.
    
    

• Do PreVeil customers sync data locally?

  • This depends on your organization’s IT policies and environment configuration.
    
    

• Can administrators manage data and permissions in Drive?

  • PreVeil is a user-managed, end-to-end encrypted system, which means administrators cannot centrally access, share, or modify data permissions for Drive folders or files they don’t personally own.
    
    

• Can deleted data be restored?

  • Deleted files go to the PreVeil Trash section and can be restored by the user who deleted them.

  • Once the Trash is emptied, the files are permanently deleted and cannot be recovered.
    
    

• How can I protect the data in my shared folders with customers or clients I work with?

  • If you are the folder owner or have Edit & Share permissions, you will be able to set the appropriate permission levels for users to access these folders.

  • https://preveil.atlassian.net/wiki/spaces/ESD/pages/4311777291
    
    

• Are the synced files/folders in my local PreVeil Drive directory encrypted at rest on my device?

  • No. Files synced to your local device are unencrypted to enable application access.

  • Encryption is the standard way to protect data at rest on hard drives. The use of full-disk encryption (FDE), such as BitLocker (Windows) or FileVault (macOS) for workstations and servers that store CUI is a common practice.

Admin Console / Organization

• What's the difference between Admin and Standard users?

  • Admin Users – Access the Admin Console, where they can manage users, policies, and recovery settings, in addition to Mail and Drive.

  • Standard Users – Access only Mail and Drive.
    
    

• What are Approval Groups and Account Recovery Groups?

  • An Approval Group is a set of users who come together to authorize an operation in the organization. The purpose of this group is to decentralize trust and remove single points of failure. These groups manage privileged activities in the organization.

  • An Account Recovery Group is an Approval Group that is assigned to your users to help them regain access to PreVeil if they lose access to their encryption keys.

  • Please refer to https://preveil.atlassian.net/wiki/spaces/ESD/pages/2425913346 for setup details.
    
    

• How many users are required to form an approval group?

  • A minimum of three fully joined organization users is needed. At least two approvals are required to authorize any activity.
    
    

• Is the Admin Management Approval Group assignment required?

  • No. It’s optional but recommended to decentralize admin-related activities, such as adding/deleting users and changing user role privileges.

  • This activity requires a minimum of three admin users to form and assign the approval group.
    
    

• How do I download activity logs and other reporting data for audits or legal matters?

  • Use the Data Export feature in the Admin Console to download a decrypted copy of your organization’s data, as needed. This will require the Data Export approval group to approve any initiated requests.
    
    

• Can I restrict users from installing PreVeil on multiple devices?

  • Yes. In the Device Settings page, disable the User Device Management option to limit users to their primary device unless they are granted an exception in the Devices tab on their account from the Users list in the Admin Console.
    
    

• What protections does a paid PreVeil organization offer compared to the free version accounts?

  • GovCloud storage

  • https://preveil.atlassian.net/wiki/spaces/ESD/pages/3006365704

  • https://preveil.atlassian.net/wiki/spaces/ESD/pages/2713026693
    
    

• How long is my organization’s data retained?

  • Data and logs are retained indefinitely until you request deletion.

  • Items in Trash remain until manually restored or deleted.
    
    

• Is the Trusted Community option required?

  • No, but enabling it adds an extra security layer by allowing you to restrict communication in PreVeil to only your internal organization users and email domains and specific email addresses included in your Trusted Community address list.

  • See https://preveil.atlassian.net/wiki/spaces/ESD/pages/1481834516 for details.

Environment & Installation

• Do I need an enclave environment?

  • This depends on your compliance goals (e.g., CMMC level).

  • An enclave is recommended for enhanced isolation and data protection.
    
    

• How do I check if FIPS is enabled?

  • Windows 10/11:

    • Open Local Security Policy → Security Options → System cryptography: Use FIPS compliant algorithms.

    • Or check the registry:
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled
      (Value 1 = enabled)

  • macOS:

    • macOS uses FIPS-validated cryptographic modules by default but has no toggle for “FIPS mode.”
      
      

• How much storage does my organization have?

  • Each organization has access to 10TB of pooled storage space.
    
    

• What antivirus exclusions should I add for PreVeil?

  • C:\PreVeil C:\PreVeilData C:\Users\[Username]\PreVeil-[PreVeil ID]

  • Subfolders should also be included in each exclusion.

  • Note: Including the * wildcard after a directory path ensures all nested subfolders are also excluded from antivirus scanning in most applications.
    
    

• Can PreVeil run in RDS terminal servers or shared-resource multi-session VMs?

  • No. The PreVeil_Client.exe process in the PreVeil application supports only one Windows Local User session at a time.

  • VDI environments are supported if each user has dedicated resources and persistent storage.
    
    

• Why can’t I see my Mail or Drive data?

  • Your PreVeil Key Menu system tray or menu bar icon may not be running, or the PreVeil_Client.exe process may be active under a different Windows user account, if on a shared device.
    
    

Mail

• Can I use PreVeil Mail with third-party email clients?

  • Yes. PreVeil supports an IMAP-configured mailbox for:

    • Outlook (Classic) for Windows

    • Outlook 365 for macOS

    • Gmail

    • Apple Mail
      
      

• Is the PreVeil Outlook Plugin compatible with the New Outlook client?

  • No. The PreVeil Outlook plugin works only with Classic Outlook because the new client doesn’t support the necessary IMAP configurations to generate the encrypted mailbox instance.
    
    

• What is Secure Email Gateway?

  • The Secure Email Gateway is an add-on product in PreVeil that allows encrypted email exchange with non-PreVeil recipients from your PreVeil mailbox. No free PreVeil account creation is required for non-PreVeil recipients. This feature is ideal for partners or personnel you want to communicate with in heavily-restricted IT environments.

  • Setup involves the PreVeil Technical Support team deploying a separate dedicated encryption server for your organization and this typically takes a few weeks working with an IT point of contact at your company.

  • To learn more: https://preveil.atlassian.net/wiki/spaces/ESD/pages/2875129964

✅ Next Steps

1. Choose your onboarding option (Full 60-min session or 30-min follow-up).

2. Share this guide with your internal stakeholders so the right people attend.

3. Review the linked videos and articles ahead of time for a smoother session.

4. Book your session with the PreVeil Support Team from the Session Options section in this guide.