setup FileVault on Catalina

KurdTech
New Contributor II

Hello Everyone,

i am trying setup profile or policy that allow Enrolled macOS to enable filevault and save it in Jamfpro server, similar to window BitLocker key and save in on AD. any Idea would be appreciated it.

6 REPLIES 6

seraphina
Contributor II

First, you'll need to to go to Settings -> Computer Management -> Disk Encryption Configurations and create a configuration.

We use Individual Recovery Keys, as Institutional will give each computer the same key. If it gets cracked or otherwise figured out, all of our computers' encryption would be essentially useless.

After this you need to create a policy to enable FileVault. Once this policy is applied, the key will be stored in the device record.

90f21d41cdaa4f89a8b6a7571f34db76

26af31b221b84ec588cb639a53967328

9cf7cda62b7d46239a7fbca75cb03f69

KurdTech
New Contributor II

Thank you for your quick reply. Do i have to turn on FileVault prior to apply this policy?

emilshouse
New Contributor II

This is how we have FileVault setup in our environment too. But I have seen others use Configuration Profiles to achieve this. I wonder which is better?

seraphina
Contributor II

My understanding is it has to be managed with a disk encryption profile OR a configuration profile and then deployed with a policy.

https://resources.jamf.com/documents/technical-papers/Administering-FileVault-on-macOS-10.14-or-Late...

gachowski
Valued Contributor II

I thought this too, however I have it working in out dev and prod with just the policy ..

C

I wanted to use a profile but it locked up the machines. On ABM enrolled machines, but not on manually enrolled machines.

KurdTech
New Contributor II

Thank you all,