Apple's FileVault 2 disk encryption can protect your Mac machines from being compromised. Encrypting the boot volume with FileVault prevents unauthorized users from copying data off the drive. With Addigy Mobile Device Management (MDM), you can enforce disk encryption more quickly and easily than ever before.
Prerequisites
Before you can deploy an MDM Configuration to manage FileVault, you'll need to configure the Addigy MDM Profile for the policy where you'll be enforcing FileVault. You can find more instructions for enabling MDM here: Addigy Mobile Device Management (MDM) Integration.
Creating the FileVault MDM Configuration
- Create a new profile in your Catalog of the type Security and Privacy
- In the profile settings, select Enable FileVault and make sure Escrow Personal Recovery Key is enabled as well if you'd like the Recovery Key to show in Addigy
- Finally, click Create Configuration
- Assign the profile to a policy for deployment to your devices
Completing FileVault enablement and accessing the Personal Recovery Key
Once the profile is on the device, it will be in a state of Deferred Enablement, meaning that a specific user with Secure Token needs to log out, enter their credentials, and sign back in for the FileVault Encryption process to begin.
This user can be found by running fdesetup status from the Devices page.
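One way to read that state from a script, shown as an added example that is not Addigy's own code: the function below classifies the text printed by fdesetup status and pulls out the user that Deferred Enablement is waiting on. The status wording it matches is an assumption about fdesetup's output, the sample strings are constructed, and 'jdoe' is a placeholder account.

```shell
#!/bin/sh
# Added example: classify the text printed by `fdesetup status`.
# The status wording matched below is an assumption about fdesetup's output;
# the SAMPLE_* strings are constructed and 'jdoe' is a placeholder account.

SAMPLE_DEFERRED="FileVault is Off.
Deferred enablement appears to be active for user 'jdoe'."
SAMPLE_ENCRYPTING="FileVault is On.
Encryption in progress: Percent completed = 12"
SAMPLE_ON="FileVault is On."
SAMPLE_OFF="FileVault is Off."

# classify_fv_status TEXT
# Prints: deferred:<user> | deferred | encrypting | enabled | off | unknown
classify_fv_status() {
    status_text=$1
    case $status_text in
        # Checked first: a deferred Mac also reports "FileVault is Off."
        *"Deferred enablement appears to be active"*)
            fv_user=$(printf '%s\n' "$status_text" |
                sed -n "s/.*active for user '\([^']*\)'.*/\1/p" | head -n 1)
            if [ -n "$fv_user" ]; then
                echo "deferred:$fv_user"
            else
                echo "deferred"
            fi ;;
        # Checked before "On": conversion is still running
        *"Encryption in progress"*) echo "encrypting" ;;
        *"FileVault is On"*)        echo "enabled" ;;
        *"FileVault is Off"*)       echo "off" ;;
        *)                          echo "unknown" ;;
    esac
}

# On a Mac, classify the live output; elsewhere, walk the constructed samples.
if command -v fdesetup >/dev/null 2>&1; then
    classify_fv_status "$(fdesetup status 2>&1)"
else
    for sample in "$SAMPLE_DEFERRED" "$SAMPLE_ENCRYPTING" "$SAMPLE_ON" "$SAMPLE_OFF"; do
        classify_fv_status "$sample"
    done
fi
```

A result of deferred:<user> names the account that still has to log out and sign back in before encryption starts.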
If Escrow Personal Recovery Key was selected, a Personal Recovery Key (PRK) will be generated and uploaded to your Addigy account.
You can find your PRKs on the GoLive page:
- View the FileVault Encryption tab within GoLive.
- Please allow some time for the key to be shown.