I am a technical support engineer for ESET's Encryption product family.
You have mentioned a few things that I feel need clarifying, some of which may require in-depth explanations in order for you to come to your own conclusion on how best to deploy ESET Endpoint Encryption in your own environment.
First I feel I need to address an important concept regarding ESET Endpoint Encryption. EEE uses a "cloud proxy", which is our patented technology which simply acts as a pigeonhole (or middleman) for communicating commands/client updates between the EEE server and EEE client workstations.
If your environment has an Internet proxy to control traffic, then you will need to add your proxy details to your EEE Server. For complete details on this, please read our article here: KB7607 - Add internet proxy server settings to ESET Endpoint Encryption Server
Providing everything is configured correctly, your EEE client workstations will be able to communicate with your EEES (through the cloud proxy) as normal.
Regarding your questions about deployment, I am not familiar with deploying EEE from ESMC itself, but I know there isn't a repository for EEE, so it cannot be installed that way. However, the EEE Server has a "Push Install" feature which allows you to install the EEE client (MSI) on clients across the network.
Sadly this may not be suitable, as you said your users never connect to your internal network. In which case I would ask, how do you currently manage software deployments for users off your network?
Regardless, EEE's installer is an MSI file, which can be easily deployed through third-party tools. Just ensure your Workstation Policy is configured correctly before generating the MSI for the endpoints, as the Workstation Policy is bundled into the MSI itself. Additionally, depending on your requirements, you may need to create a separate Merged Installer for each Workstation Team you have set up in your EEES.
I hope this sheds some light on your situation and what you can do to deploy EEE in your environment.
I'm sorry to hear about this issue.
I suspect you are encountering a known issue with the latest version of Windows 10 2004 (OS build 19042). You can check what Windows version you are running by typing 'winver' into the Run dialog. I have attached an example:
If your computer IS running Windows 10 2004 (OS build 19042), then please check to see if you are missing the UseNullDerivedOwnerAuth registry value found in:
If it is missing, then you can create it manually by opening an elevated command prompt and entering the following command:
reg add hklm\system\currentcontrolset\services\tpm\wmi -v UseNullDerivedOwnerAuth -t REG_DWORD -d 0x01 -f
After running this command, reboot your computer before trying FDE again. This should allow the TPM to be used for encryption.
Let me know how you get on.
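The check described in the post above, as an added PowerShell example that is not part of the original post or ESET's tooling: it only reads the OS build and the registry value and changes nothing. The function name Test-TpmOwnerAuthWorkaround and its parameters are hypothetical; the build number, key path and value name are the ones given in the post.

```powershell
# Added example (read-only). Function and parameter names are hypothetical;
# the build number, key path and value name come from the post above.
function Test-TpmOwnerAuthWorkaround {
    [CmdletBinding()]
    param(
        [string]$AffectedBuild = '19042',
        [string]$KeyPath       = 'HKLM:\SYSTEM\CurrentControlSet\Services\TPM\WMI',
        [string]$ValueName     = 'UseNullDerivedOwnerAuth'
    )

    # Same build number that winver displays.
    $cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [string]$cv.CurrentBuild

    # Distinguish "key missing", "value missing" and "value present".
    $present = $false
    $data    = $null
    if (Test-Path -Path $KeyPath) {
        $prop = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $prop) {
            $present = $true
            $data    = $prop.$ValueName
        }
    }

    $onAffectedBuild = ($build -eq $AffectedBuild)
    if (-not $onAffectedBuild) {
        $next = 'Build is not the one named in the post; no change indicated by this check.'
    } elseif (-not $present) {
        $next = 'Value is missing: create it with the reg add command from the post, then reboot.'
    } elseif ($data -ne 1) {
        $next = 'Value exists but is not 0x01, which is what the reg add command sets.'
    } else {
        $next = 'Value is already 0x01; reboot if it was only just created.'
    }

    [pscustomobject]@{
        Build           = $build
        OnAffectedBuild = $onAffectedBuild
        ValuePresent    = $present
        ValueData       = $data
        NextStep        = $next
    }
}

Test-TpmOwnerAuthWorkaround | Format-List
```

Running it again after the reboot confirms whether the value persisted before Full Disk Encryption is retried.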