Effects of Filevault Configuration profiles on machines with Encryption already enabled

jclark27
New Contributor III

Hey all, here's a question.

We are transitioning from utilizing our DEP Notify provisioning script to enable filevault, to instead use configuration profiles to manage/enable filevault.

If we enabled the config profile to enforce fielvault on next login and scoped it to machines, should I ensure to not scope it to a machine with FV already turned on and enabled? I would assume this could cause some weirdness with the profile. Obviously I would test with a few machines, but just wondering before we started.

Thanks for any answers!

1 REPLY 1

Tribruin
Valued Contributor II

It won't cause any problem to scope your profile to machines with FileVault already enabled. In fact, it is a good thing to do anyway. With the profile installed, the user is unable to turn it off.