One of the most valuable security features in macOS is FileVault. FileVault encrypts the data on the startup disk and prevents unauthorized access by anyone who doesn’t have the decryption key or the correct account login credentials. FileVault is more than just a password protection security feature; while ordinary passwords prevent unauthorized access to a computer, they can be bypassed if a hacker removes the hard drive from a Mac and connects it to their computer as a secondary hard disk.
Enabling FileVault prompts the user to re-enter their password each time they log into their account. If users have a decryption key, they can read encrypted data, but if malicious actors try to take a hard drive out of a Mac computer, they won’t be able to get any information.
FileVault is very useful in industries such as healthcare, manufacturing, and banking, where enterprises must store highly sensitive customer information on their devices.
SureMDM allows IT administrators to remotely enable FileVault on Mac devices.
Purpose
The purpose of this knowledge base article is to provide a detailed guide on how to enable FileVault encryption for MacOS.
Prerequisites
NA
Steps
1. Login to the SureMDM Console.
2. Click on Profiles.
3. Select macOS as the operating system.
4. Click on Add Profile.
5. Select FileVault and click on Configure.
6. Give a name to the profile and enter a suitable path to define the Path for recovery information storage.
Example: /var/filevault.plist
To ensure full compliance from device users, select 0 from the dropdown list for Max Bypass Attempts (Max Bypass Attempts denotes the maximum number of times the user can bypass enabling the FileVault).
7. Click Save. A profile will be created.
8. Go back to the SureMDM home page.
9. Select the macOS device and click Apply.
10. In the Apply Job/Profile To Device, select the saved profile and click Apply.
FileVault (with the settings you defined via the profile) will be pushed to the selected macOS device. The end user will then get a prompt for applying FileVault encryption once they log out and log in again.
Once the FileVault option is enabled, users will see the following message in the Security and Privacy window:
Need help? CONTACT US