FileVault

Use the FileVault profile configuration to turn on FileVault disk encryption on devices and to select recovery key options when:

Note: Requires macOS 10.9 or later.
Enforce FileVault: Select this option to prevent device users from turning off FileVault disk encryption on devices once it has been enabled from SOTI MobiControl.
Recovery Key Type: Use one of the following options to enable FileVault disk encryption on devices.
  • Personal Recovery Key: Select this option to have devices encrypted using a personal recovery key generated by the device.
  • Institutional Recovery Key: Select this option to have devices encrypted using an institutional recovery key.
  • Both: Select this option to:
    • Enable device users to use an institutional recovery key
    • Create a personal recovery key
Institutional Recovery Key Certificate: If the recovery key type uses an institutional recovery key, select the institutional recovery key certificate from this list.
Show Personal Recovery Key: If this option is selected, the personal recovery key will not be displayed to the user even after FileVault is enabled.
Store Personal Recovery Key in SOTI MobiControl: Select this option to enable the device user to store the personal recovery key on the SOTI MobiControl server in an encrypted format.
Encryption Certificate: Use this option to manage the PRK Encryption Certificate. See Encrypting Personal Recovery Key and PRK Encryption Certificate.
Require to Unlock FileVault After Hibernation: If this option is selected, the password will be required to unlock the disk after hibernation and to restore the disk to the last saved state.
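
One way to confirm on the Mac itself that the Recovery Key Type setting took effect, as an added example that is not part of the SOTI documentation: a shell check built on the macOS `fdesetup` tool. The function names and the mode labels (personal, institutional, both) are assumptions made for this script.

```shell
#!/bin/sh
# Added example. Mode names (personal|institutional|both) are labels made up
# for this script; they are not SOTI MobiControl identifiers.

# check_filevault MODE STATUS HAS_PRK HAS_IRK
#   STATUS  : first line of `fdesetup status`
#   HAS_PRK : output of `fdesetup haspersonalrecoverykey` (true|false)
#   HAS_IRK : output of `fdesetup hasinstitutionalrecoverykey` (true|false)
# Prints one line per finding; returns 0 when compliant, 1 otherwise.
check_filevault() {
    mode=$1; status=$2; has_prk=$3; has_irk=$4
    rc=0

    case $mode in
        personal)      want_prk=true;  want_irk=false ;;
        institutional) want_prk=false; want_irk=true ;;
        both)          want_prk=true;  want_irk=true ;;
        *) echo "FAIL: unknown mode '$mode'"; return 1 ;;
    esac

    case $status in
        "FileVault is On"*) ;;
        *) echo "FAIL: FileVault not on ($status)"; rc=1 ;;
    esac

    # A missing key breaks recovery; an unexpected one is an unplanned
    # unlock path, so both count as findings.
    if [ "$has_prk" != "$want_prk" ]; then
        echo "FAIL: personal recovery key present=$has_prk, expected $want_prk"; rc=1
    fi
    if [ "$has_irk" != "$want_irk" ]; then
        echo "FAIL: institutional recovery key present=$has_irk, expected $want_irk"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: FileVault on, recovery keys match '$mode'"
    fi
    return "$rc"
}

# Collect the live values on a Mac. Usage (as root): audit_this_mac both
audit_this_mac() {
    check_filevault "$1" \
        "$(fdesetup status | head -n 1)" \
        "$(fdesetup haspersonalrecoverykey)" \
        "$(fdesetup hasinstitutionalrecoverykey)"
}
```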