Introduction
macOS devices managed by dataJAR use the built-in Apple full disk encryption solution known as FileVault 2 to encrypt mobile macOS devices. For clarity, the use of encryption is best used on devices where there is a 1:1 relationship between the user and the device. We do not recommend the use of encryption on shared devices (1:many).
For further details about Apple's FileVault 2 solution, please review:
Mobile macOS devices are configured to send a FileVault Recovery Key to datajar.mobi. This allows approved representatives within your organisation (known as Technical Account Administrators) to authorise the release of a key to a specific device in the event that the user leaves your organisation or their login password is forgotten.
This guide details the process of enabling FileVault when prompted, as well as manually enabling FileVault after a device is enrolled.
Enabling FileVault when prompted
- Once a mobile macOS device is enrolled into datajar.mobi and has completed enrolment, the user is required to log on to the device for the first time. After successfully login, they should logout and will be presented with the following prompt:
- Enter the local end user password when prompted and click "OK".
- The system will now enable FileVault and this can take a minute or two. You can click "OK" on this message or leave it to automatically dismiss once done.
- Once this is complete, you will be shown the recovery key. Feel free to dismiss this message as it will be automatically sent to the datajar.mobi system for secure storage.
- The device will now encrypt the entire disk in the background, there is nothing further that needs to be done.
Enabling FileVault manually
If you wish to enable FileVault 2 manually on a datajar.mobi enrolled device, simply follow the below steps:
- Choose Apple menu () > System Preferences, then click Security & Privacy.
- Click the FileVault tab.
- Click the padlock in the lower left corner and enter an administrator name and password when prompted.
- Click Turn On FileVault.
- When prompted on where to store the recovery key, please ensure to select "Store your recovery key at above location", then click continue.
- You will possibly see a prompt to add additional users to FileVault. Ignore this and click "Continue".
- Once done, you may be shown the recovery key. Feel free to dismiss this as it will be automatically sent to the datajar.mobi system for secure storage.
-
The device will now encrypt the entire disk in the background, there is nothing further that needs to be done. For more information, see Apple's article Turn on and set up FileVault.
Confirming the device is encrypted
You can confirm the encryption status of your device by:
- Choose Apple menu () > System Preferences, then click Security & Privacy.
- Click the FileVault tab. If you see a message that "Filevault is turned on for the disk "Macintosh HD" your Mac is encrypted.
Need further support?
Automate. Simplify. Succeed. If you still require assistance with us or have any further questions, please raise a ticket with our support team.
Alternatively, please see our frequently updated knowledge base articles for reference.