FileVault

Use the FileVault profile configuration to turn on FileVault disk encryption on devices and to select recovery key options when:

Note: Requires macOS 10.9 or later.
Enforce FileVault Select this option to turn on FileVault disk encryption on devices.
Enforce FileVault Select this option to prevent device users from turning off FileVault disk encryption on devices once enabled from SOTI MobiControl.
Recovery Key Type Use one of the following options to enable FileVault disk encryption on devices.
  • Personal Recovery Key: Select this option to have devices encrypted using a personal recovery key generated by the device.
  • Institutional Recover Key: Select this option to have devices encrypted using an institutional recovery key.
  • Both: Select this option to:
    • Enable device users to use an institutional recovery key
    • Create a personal recovery key
Institutional Recovery Key Certificate select the institutional recovery key certificate if the recovery key type uses an institutional recovery key,
Show Personal Recovery Key The personal recovery key is not displayed to the user with this option selected, even after enabling FileVault.
Store Personal Recovery Key in SOTI MobiControl Select this option to enable the device user to store the personal recovery key on the SOTI MobiControl server in encrypted format.
Personal Recovery Key Encryption Certificate With Store Personal Recovery Key in SOTI MobiControlselected, choose a personal recovery key encryption certificate from this list. Upload the certificate through a certificate payload so the device user can choose it to encrypt the personal recovery key.
Encryption Certificate Use this option to manage the PRK Encryption Certificate, see Encrypting Personal Recovery Key and PRK Encryption Certificate.
Require to Unlock FileVault After Hibernation The user must enter a password to unlock the disk after hibernation and to restore the disk to the last saved state.