Managing Disk Encryption Configurations

Creating a disk encryption configuration Jamf Pro is the first step to activating FileVault 2 on computers with macOS 10.8 or later.

When you create a disk encryption configuration, you specify the following information:

  • The type of recovery key to use for recovering encrypted data. There are three recovery key options you can choose from:

    • Individual (also known as “Personal”)—Uses a unique alphanumeric recovery key for each computer. The individual recovery key is generated on the computer and sent back to Jamf Pro to be escrowed when the encryption takes place.

    • Institutional—Uses a shared recovery key. This requires you to create the recovery key with Keychain Access and upload it to Jamf Pro for storage.

    • Individual and Institutional—Uses both types of recovery keys.

  • The user for which to enable FileVault 2

    • Management Account—Makes the management account on the computer the enabled FileVault 2 user.

      Note: The management account cannot be used to enable FileVault 2 for computers with macOS 10.13 or later if the account was created with Jamf Pro due to the lack of a secure token.

      If you make the management account the enabled FileVault 2 user on computers with macOS 10.9–10.12.x, or macOS 10.14 or later, you will be able to issue a new recovery key to those computers later if necessary. For more information, see Issuing a New FileVault 2 Recovery Key.

    • Current or Next User—Makes the user that is logged in to the computer when the encryption takes place the enabled FileVault 2 user. If no user is logged in, the next user to log in becomes the enabled FileVault 2 user.


To use either the “Institutional” recovery key or the “Individual and Institutional” recovery key options in the disk encryption configuration, you must first create and export a recovery key using Keychain Access. For more information, see the Creating and Exporting an Institutional Recovery Key Knowledge Base article.

Creating a Disk Encryption Configuration

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/81543667/Icon_Settings_Hover.png .

  3. Click Computer Management.

  4. In the “Computer Management” section, click Disk Encryption Configurations images/download/thumbnails/81543667/Disk_Encryption_Configurations.png .

  5. Click New images/download/thumbnails/81543667/Icon_New_Button.png .

  6. Configure the disk encryption configuration using the fields and options on the pane.

  7. Click Save images/download/thumbnails/81531754/floppy-disk.png .

Related Information

For related information, see the following sections in this guide:

Deploying Disk Encryption Configurations
Find out how to activate FileVault 2 by deploying a disk encryption configuration using a policy.

For related information, see the following technical paper:

Administering FileVault on macOS 10.14 or Later with Jamf Pro
Get step-by-step instructions for administering FileVault on macOS 10.14 or later, including how to activate FileVault disk encryption using a configuration profile.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2020 Jamf. All rights reserved.