Hello Everyone,
i am trying setup profile or policy that allow Enrolled macOS to enable filevault and save it in Jamfpro server, similar to window BitLocker key and save in on AD. any Idea would be appreciated it.
Question
setup FileVault on Catalina
+3
+8First, you'll need to to go to Settings -> Computer Management -> Disk Encryption Configurations and create a configuration.
We use Individual Recovery Keys, as Institutional will give each computer the same key. If it gets cracked or otherwise figured out, all of our computers' encryption would be essentially useless.
After this you need to create a policy to enable FileVault. Once this policy is applied, the key will be stored in the device record.
+3Thank you for your quick reply. Do i have to turn on FileVault prior to apply this policy?
+2This is how we have FileVault setup in our environment too. But I have seen others use Configuration Profiles to achieve this. I wonder which is better?
+8My understanding is it has to be managed with a disk encryption profile OR a configuration profile and then deployed with a policy.
+16I thought this too, however I have it working in out dev and prod with just the policy ..
C
I wanted to use a profile but it locked up the machines. On ABM enrolled machines, but not on manually enrolled machines.
+3Thank you all,
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.