I'm in the middle of testing Sophos full disk encryption for teacher laptops. In my first test I went for the whole shebang. It was quite slow to implement but relatively straightforward and everything works as expected. However I would like to have the facility for multiple users to access the computers using domain accounts. One reason is convenience - allowing teachers to share computers - but the most common use will be in classrooms. The teachers' laptops are left connected to the SMARTboard for children to access interactive activities. Currently the guidance is that teachers should use Fast User Switching to log a generic pupil account on, thus protecting their data (we're an infant school, so the risk of anything malicious is so unlikely as to be irrelevant) and allowing them to quickly swap back to their work. Assuming that I manage the devices properly through the Enterprise Console, how much extra risk am I introducing if I turn off POA?

Thanks everyone