FileVault disk encryption provides an enormous amount of security to your organization's data on each macOS device. But what do you do when you need to decrypt your FileVault devices? This can be particularly important when you would like to re-enable FileVault via Addigy and collect your keys in the Addigy platform.
Disabling FileVault Using Addigy LiveTerminal
The Addigy LiveTerminal integration provides a powerful, interactive terminal session to any of your devices with the software installed. To learn more about our Live Terminal integration, head over to our article Addigy Live Terminal Integration Overview.
- Once you have initiated a Live Terminal session to the device you would like to decrypt, simply run the following command:
sudo fdesetup disable
- A prompt will appear requesting the username of a user who is authorized to lock/unlock the disk:
- After entering the username, a prompt will appear to enter the password of the provided user:
- After entering the credentials, the device will decrypt:
Disabling FileVault That is Managed via MDM
If FileVault is managed via MDM, the MDM Profile enforcing FileVault must be deleted on the device before you can decrypt the drive.
If the MDM Profile was deployed via GoLive, reference this article: Removing an MDM Profile That Was Deployed via GoLive
If the MDM Profile is deployed via the Policy, reference this article: Adding and Removing items from a Policy
If you have any questions regarding enabling or disabling FileVault, please contact our Support team at support@addigy.com.