The SEP-client has two "databases" that it synchronizes to the SEP-server.
One is the Profile database containing all information about user and keys. Which SEP-server to connects to and so on. Simplified - the information that is available on the Profile Management tab in the SEP-client
The other is the log database that contains information the SEP-server of all events happeing in the SEP-client for example: Unsecuring, Securing, Changing access, sync to the server and so on. Simplified this is the information available in the SEP-client under SEP Settings/Auditing and "View Log Browser"
When does the SEP-client sync policies and licenses to the SEP-server?
The SEP client synchronizes the policies and licenses when a user signs-in to a machine or do any kind of action that uses the SEP Client.
For example: Encrypting a USB flash drive, Sending a Secured eMail or Securing a file.
SEP Client syncs on Windows login when there are changes for the user. However the user session needs to be initiated. Which means if the user is already logged on, and you just continue using the same session changes will not be reflected. An example would be locking your windows and entering your password.
When a user logs into Windows, SEP Client queries the SEP Server to see if there are changes for them. If SEP Server says "yes", then Client initiates synchronization; which will turn the system tray icon to Cryptzone logo. If the SEP Server says no, then the icon will stay grayed.
Active SEP-client icon in Systray
Passive "Gray" icon in Systray
Locking the system will not be enough to force an update on the SEP-client.
To make sure that your changes on SEP-server is updated on the SEP Client, you have to require your users to either do a manual sync in the SEP client, Reboot your system or "Log off".
We recommended that you have user session inactivity timeout enabled. This way the SEP-client signs the user off from the session after X minutes. Threfore a new sign-in will be initiated once the user performs an action which ensures that the user profile stays updated consistently.
This can be set in the SEP MC (Management Console) under Policies, select your policy, Editor tab/SEP Settings/Security