Help

Difference FileVault Config Profile and Policy

Andixon
Contributor

2 weeks ago

Hi,

I see there is a configuration Profile that enables FileVault and a Policy that does the same. Can someone tell me what the difference between those two is? Do I need both? Do I only one? Do they have different use cases?

Kind regards

 

Reply
2 REPLIES 2

PaulHazelden
Valued Contributor

2 weeks ago

I am only using the Policy to enable File Vault. So only one is required.
As to use case, for me, the policy was the first one I tried in Testing, because I wanted it available in Self Service for My Test devices. I got it working and then rolled it out.

0 Kudos
Reply

AJPinto
Esteemed Contributor

2 weeks ago

At a very high level:

  • The policy uses the fdesetup command to turn FileVault on. This entire workflow is deprecated by Apple but not yet retired.
  • The Configuration Profile payload to forces force FileVault on by managing the preference domain directly and is protected by SIP and cannot be bypassed. 

 

TL;DR: You should only be using the configuration profile to enable FileVault, forget the policy exists as its tech debt in Jamf.

https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Managing_FileVault_on_Encryp...

 

Reply