Jamf Nation Community

medeor · ‎06-08-2018

Is there a way jamf can force FileVault encryption automatically to connected usb devices? This of course is for security ensuring company confidentiality.

Thanks

therealmacjeezy · ‎06-12-2018

We had the same question a few months back. Jamf currently doesn’t have the built-in option to force external volumes to be encrypted.

I started looking into how to enforce this with a launchd item and a script, but had to focus on another area before I was able to write something. You could use the launchd item that’ll watch /Volumes for any changes, which will then in turn run a script that’ll do the checking but I’m not sure if that would be the best way. Once I get back to the project and come up with something I’ll post it here.

There are also third party solutions that do that but I haven’t used any of them so I can’t say how well they work. McAfee has a feature to monitor external devices and enforce encryption.

Here’s a feature request that mentions the same thing you’re trying to do and has other third party options.

https://www.jamf.com/jamf-nation/feature-requests/2878/encryption-for-removable-media

"Saying 'uhh..' is the human equivalent to buffering."

davidacland · ‎06-12-2018

If you're happy with the built-in encryption on macOS, a script with a launchdaemon would be able to do it. That being said, it would be pretty risky so would need a lot of error checking and testing.

Alternatively, a third party solution likes the ones mentioned above would work. Most of the anti-virus vendors are offering that type of feature now, along with specialist data loss prevention companies like EndpointProtector.