FileVault

Use the FileVault profile configuration to turn on FileVault disk encryption on devices and to select recovery key options when:

Note: Requires macOS 10.9 or later.
Enforce FileVault Select this option to turn on FileVault disk encryption on devices.
Create a personal FileVault recovery key Select this option to have devices encrypted using a personal recovery key generated by the device.
Use an institutional recovery key Select this option to have devices encrypted using an institutional recovery key.
Both Select this option to enable device users to use an institutional recovery key and create a personal FileVault recovery key.
Institutional Recovery Key Certificate If the recovery key type is set to use an institutional recovery key, select the institutional recovery key certificate from this list.
Show Personal Recovery Key If this option is selected, the personal recovery key will not be displayed to the user even after FileVault is enabled.
Store Personal Recovery Key in SOTI MobiControl Select this option to enable the device user to store the personal recovery key on the SOTI MobiControl server in encrypted format.
Personal Recovery Key Encryption Certificate If the Store Personal Recovery Key in SOTI MobiControl option is selected, select a personal recovery key encryption certificate from this list. The certificate can be uploaded through a certificate payload, and the device user can choose the certificate to encrypt the personal recovery key.
Require to Unlock FileVault After Hibernation If this option is selected, the password will be required to unlock the disk after hibernation and to restore the disk to the last saved state.