FileVault
Use the FileVault profile configuration to turn on FileVault disk encryption on devices and to select recovery key options when:
Note: Requires macOS 10.9 or later.
Enforce FileVault | Select this option to turn on FileVault disk encryption on devices. |
Enforce FileVault | Select this option to prevent device users from turning off FileVault disk encryption on devices once enabled from SOTI MobiControl. |
Recovery Key Type | Use one of the following options to enable FileVault disk encryption
on devices.
|
Institutional Recovery Key Certificate | select the institutional recovery key certificate if the recovery key type uses an institutional recovery key, |
Show Personal Recovery Key | The personal recovery key is not displayed to the user with this option selected, even after enabling FileVault. |
Store Personal Recovery Key in SOTI MobiControl | Select this option to enable the device user to store the personal recovery key on the SOTI MobiControl server in encrypted format. |
Personal Recovery Key Encryption Certificate | With Store Personal Recovery Key in SOTI MobiControlselected, choose a personal recovery key encryption certificate from this list. Upload the certificate through a certificate payload so the device user can choose it to encrypt the personal recovery key. |
Encryption Certificate | Use this option to manage the PRK Encryption Certificate, see Encrypting Personal Recovery Key and PRK Encryption Certificate. |
Require to Unlock FileVault After Hibernation | The user must enter a password to unlock the disk after hibernation and to restore the disk to the last saved state. |