The event that activates FileVault depends on the enabled FileVault user specified in the disk encryption configuration and on whether the computer uses Apple File System (APFS). If the enabled user is "Management Account" and the computer is APFS enabled, FileVault is activated at the next login without needing to reboot. If the enabled user is "Management Account" and the computer is HFS+ formatted, FileVault is activated the next time the computer restarts. If the enabled user is "Current or Next User", you can modify when FileVault is activated on a computer. Options include the following:
- The next time the computer restarts
- The next time the current user logs out
- The next login or after multiple user logins (ranging from two to six logins)

Note: If the restart is done using a built-in policy, FileVault will not be activated.

1. In Jamf Pro, click Computers in the sidebar.
2. Click Policies in the sidebar.
3. Click New.
4. In the General payload, enter a display name for the policy (e.g., "FileVault Disk Encryption").
5. Select a trigger.
6. Choose from the Execution Frequency pop-up menu.
7. Select the Disk Encryption payload and click Configure.
8. Choose from the Action pop-up menu.
9. Choose the disk encryption configuration from the Disk Encryption Configuration pop-up menu.
10. Choose an event from the Require FileVault 2 pop-up menu to specify when users must enable disk encryption.
11. (Optional) If Management Account is selected as the enabled FileVault user in the disk encryption configuration, do the following:
12. Click the Scope tab and configure the scope of the policy.
13. Click Save.
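
Because activation is tied to a later restart, logout, or login, a Mac in scope can report FileVault as off while enablement is only pending. The script below is an added example, not part of the Jamf documentation: it classifies the text printed by the macOS `fdesetup status` command so that a pending state is not mistaken for an unprotected disk. The function names, return codes, and sample user are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify FileVault state on a Mac in the policy's scope.
# Assumption: the phrases matched below are those printed by `fdesetup status`.

# classify_fv_status TEXT -> on | off | deferred | encrypting | decrypting | unknown
# Transitional states are tested first because they accompany an
# "FileVault is On." or "FileVault is Off." line in the same output.
classify_fv_status() {
    case $1 in
        *"Deferred enablement appears to be active"*) echo deferred ;;
        *"Encryption in progress"*)                   echo encrypting ;;
        *"Decryption in progress"*)                   echo decrypting ;;
        *"FileVault is On"*)                          echo on ;;
        *"FileVault is Off"*)                         echo off ;;
        *)                                            echo unknown ;;
    esac
}

# fv_compliance STATE -> returns 0 (encrypted), 1 (pending), 2 (not protected)
fv_compliance() {
    case $1 in
        on)                  return 0 ;;
        deferred|encrypting) return 1 ;;
        *)                   return 2 ;;
    esac
}

# Constructed sample: policy has run, activation waits for the next login/logout.
SAMPLE_DEFERRED="FileVault is Off.
Deferred enablement appears to be active for user 'jdoe'."

# report_fv TEXT -> prints "state=<state> compliance_rc=<0|1|2>"
report_fv() {
    state=$(classify_fv_status "$1")
    rc=0
    fv_compliance "$state" || rc=$?
    echo "state=$state compliance_rc=$rc"
}

report_fv "$SAMPLE_DEFERRED"              # constructed input
if command -v fdesetup >/dev/null 2>&1; then
    report_fv "$(fdesetup status 2>&1)"   # live check on a Mac
fi
```

A result of `deferred` that persists well past the event chosen in the Require FileVault 2 pop-up menu is worth investigating, for example a restart that was triggered by a built-in policy.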