
Hi,


I see there is a Configuration Profile that enables FileVault and a Policy that does the same. Can someone tell me what the difference between those two is? Do I need both? Do I only need one? Do they have different use cases?


Kind regards


 

I am only using the Policy to enable FileVault. So only one is required.
As to use case, for me, the policy was the first one I tried in testing, because I wanted it available in Self Service for my test devices. I got it working and then rolled it out.


At a very high level:



  • The policy uses the fdesetup command to turn FileVault on. This entire workflow is deprecated by Apple but not yet retired.

  • The Configuration Profile payload forces FileVault on by managing the preference domain directly, is protected by SIP, and cannot be bypassed.


 


TL;DR: You should only be using the configuration profile to enable FileVault; forget the policy exists, as it's tech debt in Jamf.


https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Managing_FileVault_on_Encrypted_Computers.html


 

