Effects of Filevault Configuration profiles on machines with Encryption already enabled

New Contributor III

Hey all, here's a question.

We are transitioning from utilizing our DEP Notify provisioning script to enable filevault, to instead use configuration profiles to manage/enable filevault.

If we enabled the config profile to enforce fielvault on next login and scoped it to machines, should I ensure to not scope it to a machine with FV already turned on and enabled? I would assume this could cause some weirdness with the profile. Obviously I would test with a few machines, but just wondering before we started.

Thanks for any answers!


Valued Contributor II

It won't cause any problem to scope your profile to machines with FileVault already enabled. In fact, it is a good thing to do anyway. With the profile installed, the user is unable to turn it off.