Creating a Disk Encryption Configuration

Jamf Pro Documentation 11.16.0

Solution

Application

Content Type

Technical Documentation

Utilities & Services

version

11.16.0

ft:locale

en-US

vrm_version

11.16.0

Creating a disk encryption configuration in Jamf Pro is the first step to activating FileVault on computers using a policy. Disk encryption configurations allow you to configure the type of recovery key to use for recovering encrypted data, as well as the user for which to enable FileVault.

In Jamf Pro, click Settings in the sidebar.
In the Computer management section, click Disk encryption configuration .
Click New.
Enter a name for the disk encryption configuration in the Display Name field.
Choose a type of recovery key from the Recovery Key Type pop-up menu.
If you chose "Institutional" or "Individual and Institutional" recovery key, click Upload Institutional Recovery Key and upload the recovery key to Jamf Pro. The recovery key must be a .p12 or .cer file. If you upload a .p12 file, you are prompted to enter the password that you created when exporting the key from Keychain Access.
Choose "Current or Next User" or "Management Account" from the Enabled FileVault 2 User pop-up menu.
Current or Next User
Makes the user that is logged in to the computer when the encryption takes place the enabled FileVault user. If no user is logged in, the next user to log in becomes the enabled FileVault user.
Management Account
Makes the management account on the computer the enabled FileVault user.
Important:
Computers with macOS 10.13.2 or later cannot use the management account as the enabled FileVault user due to the lack of a secure token.
Jamf does not recommend using the Jamf Pro management account as the first FileVault enabled user account on computers. This way you can avoid any potential confusion with randomized management account passwords.
Click Save .

The disk encryption settings are saved and ready to deploy to target computers using a policy.