Managing Disk Encryption Configurations

Creating a disk encryption configuration Jamf Pro is the first step to activating FileVault 2 on computers with macOS 10.8 or later.

When you create a disk encryption configuration, you specify the following information:

  • The type of recovery key to use for recovering encrypted data. There are three recovery key options you can choose from:

    • Individual (also known as “Personal”)—Uses a unique alphanumeric recovery key for each computer. The individual recovery key is generated on the computer and sent back to Jamf Pro for storage when the encryption takes place.

    • Institutional—Uses a shared recovery key. This requires you to create the recovery key with Keychain Access and upload it to Jamf Pro for storage.

    • Individual and Institutional—Uses both types of recovery keys.

  • The user for which to enable FileVault 2

    • Management Account—Makes the management account on the computer the enabled FileVault 2 user.
      Note: Beginning with macOS 10.13, the management account can no longer be used to enable FileVault 2 if the account was created with Jamf Pro due to the lack of a secure token.
      If you make the management account the enabled FileVault 2 user on computers with macOS 10.9–10.12.x, you will be able to issue a new recovery key to those computers later if necessary. (For more information, see Issuing a New FileVault 2 Recovery Key.)

    • Current or Next User—Makes the user that is logged in to the computer when the encryption takes place the enabled FileVault 2 user. If no user is logged in, the next user to log in becomes the enabled FileVault 2 user.


To use either the “Institutional” recovery key or the “Individual and Institutional” recovery key options in the disk encryption configuration, you must first create and export a recovery key using Keychain Access. (For more information, see the Creating and Exporting an Institutional Recovery Key Knowledge Base article.)

Creating a Disk Encryption Configuration

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/18781073/Icon_Settings_Hover.png .

  3. Click Computer Management.

  4. In the “Computer Management” section, click Disk Encryption Configurations images/download/thumbnails/18781073/Disk_Encryption_Configurations.png .

  5. Click New images/download/thumbnails/18781073/Icon_New_Button.png .

  6. Configure the disk encryption configuration using the fields and options on the pane.

  7. Click Save.

Related Information

For related information, see the following sections in this guide:

Deploying Disk Encryption Configurations
Find out how to activate FileVault 2 by deploying a disk encryption configuration using a policy or Jamf Remote.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2018 Jamf. All rights reserved.