This category displays disk encryption information for partitions on a computer. The Disk Encryption category includes the following information:
Inventory Attribute/Criteria | Notes |
|---|---|
Name | |
Last Inventory Update | |
FileVault 2 Enabled | Possible values are:
This status is collected for macOS 14.0 or later via declarative device management. |
FileVault 2 Partition Encryption State | Possible values are:
As criteria, this can be coupled with the “Partition Name” criteria to report on the encryption state of a specific partition you specify by name. |
Personal Recovery Key Validation ("FileVault 2 Individual Key Validation" criteria) | Displays whether the personal (also known as "individual") recovery key on a computer matches the personal recovery key escrowed for that computer in Jamf Pro. This value will be reported as “Unknown” when any of the following conditions are met:
Other possible values are:
|
Personal Recovery Key | To view the recovery key, click Show Key. |
Device Recovery Key | If a personal recovery key was escrowed using a configuration profile, this will display the "Record Number" message from the escrow profile. If the PRK was escrowed using a Jamf Pro policy, this inventory value is not present. |
Disk Encryption Configuration | Displays the name of the disk encryption configuration if the computer is encrypted via policy. If the computer is encrypted via configuration profile or locally on the computer, this field is left blank. As criteria, this includes computers with a specified FileVault disk encryption configuration in Jamf Pro. |
FileVault 2 Enabled Users | Lists usernames of cryptographic users that have a secure token. |
You can also use the following disk encryption criteria in your smart groups and advanced searches:
Criteria | Notes |
|---|---|
FileVault Status | Includes computers based on the number of FileVault-enabled users out of the number of users that can be FileVault enabled. Possible values are:
This criteria applies to both FileVault 2 and Legacy FileVault-enabled users. |
FileVault 2 Recovery Key Type | Includes computers based on the recovery key types that are reported in their Jamf Pro inventory. Possible values are the following:
|
FileVault 2 Institutional Key | Includes computers based on whether an institutional recovery key exists on a computer. Possible values are:
|
FileVault 2 User | Includes computers where the specified user is a FileVault enabled user. For example, to report on computers on which John Smith is a FileVault enabled user, you would enter the criteria FileVault 2 User has "John Smith". |
FileVault 2 Eligibility | Possible values are the following:
For all values other than “Eligible”, the search returns the first ineligible reason found, based on this order of priority:
|
FileVault 2 Status | The partitions that are FileVault 2 encrypted. Possible values are:
|