New Contributor

Is there a way jamf can force FileVault encryption automatically to connected usb devices? This of course is for security ensuring company confidentiality.



New Contributor III

We had the same question a few months back. Jamf currently doesn’t have the built-in option to force external volumes to be encrypted.

I started looking into how to enforce this with a launchd item and a script, but had to focus on another area before I was able to write something. You could use the launchd item that’ll watch /Volumes for any changes, which will then in turn run a script that’ll do the checking but I’m not sure if that would be the best way. Once I get back to the project and come up with something I’ll post it here.

There are also third party solutions that do that but I haven’t used any of them so I can’t say how well they work. McAfee has a feature to monitor external devices and enforce encryption.

Here’s a feature request that mentions the same thing you’re trying to do and has other third party options.

"Saying 'uhh..' is the human equivalent to buffering."

Honored Contributor II
Honored Contributor II

If you're happy with the built-in encryption on macOS, a script with a launchdaemon would be able to do it. That being said, it would be pretty risky so would need a lot of error checking and testing.

Alternatively, a third party solution likes the ones mentioned above would work. Most of the anti-virus vendors are offering that type of feature now, along with specialist data loss prevention companies like EndpointProtector.