Deploying Disk Encryption Configurations

Deploying disk encryption configurations allows you to activate FileVault 2 on computers with macOS 10.8 or later. You can deploy a disk encryption configuration by using a policy.

The event that activates FileVault 2 depends on the enabled FileVault 2 user specified in the disk encryption configuration. If the enabled user is “Management Account”, FileVault 2 is activated on a computer the next time the computer restarts. If the enabled user is “Current or Next User”, FileVault 2 is activated on a computer the next time the current user logs out or the computer restarts. In addition, if you are deploying a disk encryption configuration using a policy, you can configure the policy to defer FileVault 2 enablement until after multiple user logins have occurred.


To activate FileVault 2 on a computer, the computer must be running macOS 10.8 or later and have a “Recovery HD” partition.

Deploying a Disk Encryption Configuration Using a Policy

  1. Log in to Jamf Pro.

  2. Click Computers at the top of the page.

  3. Click Policies.

  4. Click New images/download/thumbnails/81543674/Icon_New_Button.png .

  5. Use the General payload to configure basic settings for the policy, including the trigger and execution frequency.

  6. Select the Disk Encryption payload and click Configure.

  7. Choose "Apply Disk Encryption Configuration" from the Action pop-up menu.

  8. Choose the disk encryption configuration you want to deploy from the Disk Encryption Configuration pop-up menu.

    Note: Options are only displayed in the Disk Encryption Configuration pop-up menu if one or more configurations are configured in Jamf Pro. For more information, see Managing Disk Encryption Configurations.

  9. Choose an event from the Require FileVault 2 pop-up menu to specify when users must enable disk encryption.

  10. Use the Restart Options payload to configure settings for restarting computers.

  11. Click the Scope tab and configure the scope of the policy.
    For more information, see Scope.

  12. (Optional) Click the Self Service tab and make the policy available in Self Service.
    For more information, see Items Available to Users in Jamf Self Service for macOS.

  13. (Optional) Click the User Interaction tab and configure messaging and deferral options.
    For more information, see User Interaction with Policies.

  14. Click Save images/download/thumbnails/81531754/floppy-disk.png .

Related Information

For related information, see the following sections in this guide:

For related information, see the following Knowledge Base article:

Smart Group and Advanced Search Criteria for FileVault 2 and Legacy FileVault
Learn about the smart computer group and advanced computer search criteria available for
FileVault 2.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2020 Jamf. All rights reserved.