Apple's FileVault 2 disk encryption can protect your Mac machines from being compromised. Encrypting the boot volume with FileVault prevents unauthorized users from copying data off the drive. With Addigy Mobile Device Management (MDM), you can enforce disk encryption more quickly and easily than ever before.
Before you can deploy an MDM Configuration to manage FileVault, you'll need to configure the Addigy MDM Profile for the policy where you'll be enforcing FileVault. You can find more instructions for enabling MDM here: Addigy Mobile Device Management (MDM) Integration.
Creating the FileVault MDM Configuration
1. On the Policies page, navigate to the Catalog at the top right of the page, and then from the MDM Configuration tab, click Add Configuration +.
2. From here, deselect iOS and Apple TV from the device filter and then select the Security & Privacy payload.
3. From the Security & Privacy window, select Enable FileVault, and make sure Escrow Personal Recovery Key is also enabled if you'd like the Recovery Key to show in Addigy. Finally, click Create Configuration.
After the MDM Configuration is created, add it to the Policy.
Once the Configuration is on the device, it will be in a state of Deferred Enablement, meaning that a specific user with a Secure Token needs to log out, enter their credentials, and sign back in for the FileVault encryption process to begin.
This user can be found by running fdesetup status from the Devices page.
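One way to act on the fdesetup status output described above, as an added example (not Addigy's or Apple's code): a POSIX shell function that classifies the status text and names the user a deferred enablement is waiting on. The message strings it matches and the sample account jdoe are assumptions based on typical fdesetup output; confirm them on the macOS versions in your fleet.

```shell
#!/bin/sh
# Classify the text printed by `fdesetup status` into one state per device.
# The matched message strings are assumed, not taken from the original page.

# classify_fv_status "<status text>"
# prints: on | encrypting | deferred:<user> | off | unknown
classify_fv_status() {
    status_text=$1
    case $status_text in
        # Checked first: a deferred device also reports "FileVault is Off."
        *"Deferred enablement appears to be active for user"*)
            user=$(printf '%s\n' "$status_text" |
                sed -n "s/.*active for user '\([^']*\)'.*/\1/p" | head -n 1)
            printf 'deferred:%s\n' "${user:-unknown}"
            ;;
        # Checked before "On": conversion is still running.
        *"Encryption in progress"*) echo encrypting ;;
        *"FileVault is On"*)        echo on ;;
        *"FileVault is Off"*)       echo off ;;
        *)                          echo unknown ;;
    esac
}

# fv_exit_code "<state>"
# returns 0 when encrypted or encrypting, 1 when a user still has to
# log out and back in, 2 for off or unrecognised output.
fv_exit_code() {
    case $1 in
        on|encrypting) return 0 ;;
        deferred:*)    return 1 ;;
        *)             return 2 ;;
    esac
}

# Constructed sample output (not captured from a real device).
SAMPLE_DEFERRED="FileVault is Off.
Deferred enablement appears to be active for user 'jdoe'."

# On a Mac, classify the live output; elsewhere, fall back to the sample.
if command -v fdesetup >/dev/null 2>&1; then
    state=$(classify_fv_status "$(fdesetup status 2>&1)")
else
    state=$(classify_fv_status "$SAMPLE_DEFERRED")
fi
echo "FileVault state: $state"
```

A deferred:<user> result means the configuration has arrived but encryption has not started, so that user still needs to log out and back in.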
If Escrow Personal Recovery Key was selected, a Personal Recovery Key (PRK) will be generated and uploaded to your Addigy account.
You can find your PRKs in the GoLive window for each device:
- View the FileVault Encryption tab within GoLive.
- Please allow some time for the key to be shown.