FileVault
Use the FileVault profile configuration to turn on FileVault disk encryption on devices and to select recovery key options when:
Note: Requires macOS 10.9 or later.
| Enforce FileVault | Select this option to turn on FileVault disk encryption on devices. |
| Create a personal FileVault recovery key | Select this option to have devices encrypted using a personal recovery key generated by the device. |
| Use an institutional recovery key | Select this option to have devices encrypted using an institutional recovery key. |
| Both | Select this option to enable device users to use an institutional recovery key and create a personal FileVault recovery key. |
| Institutional Recovery Key Certificate | If the recovery key type is set to use an institutional recovery key, select the institutional recovery key certificate from this list. |
| Show Personal Recovery Key | If this option is selected, the personal recovery key will not be displayed to the user even after FileVault is enabled. |
| Store Personal Recovery Key in SOTI MobiControl | Select this option to enable the device user to store the personal recovery key on the SOTI MobiControl server in encrypted format. |
| Personal Recovery Key Encryption Certificate | If the Store Personal Recovery Key in SOTI MobiControl option is selected, select a personal recovery key encryption certificate from this list. The certificate can be uploaded through a certificate payload, and the device user can choose the certificate to encrypt the personal recovery key. |
| Require to Unlock FileVault After Hibernation | If this option is selected, the password will be required to unlock the disk after hibernation and to restore the disk to the last saved state. |