Creating a disk encryption configuration in the JSS is the first step to activating FileVault on computers.

Disk encryption configurations allow you to configure the following information:

• The type of recovery key to use for recovering encrypted data

• The user for which to enable FileVault

1. Log in to the JSS with a web browser.

2. In the top-right corner of the page, click Settings .

3. Click Computer Management.
   On a smartphone, this option is in the pop-up menu.

4. In the “Computer Management” section, click Disk Encryption Configurations .

5. Click New .

6. Enter a name for the disk encryption configuration in the Display Name field.

   

7. Choose a type of recovery key from the Recovery Key Type pop-up menu.

8. If you chose an “Institutional” or “Individual and Institutional” recovery key, click Upload Institutional Recovery Key and upload the recovery key to the JSS.
   The recovery key must be a .p12, .cer, or .pem file.
   If you upload a .p12 file, you are prompted to enter the password that you created when exporting the key from Keychain Access.

   

9. Choose the user for which to enable FileVault:

   • Management Account—Makes the management account on the computer the enabled FileVault user.

   • Current or Next User—Makes the user that is logged in to the computer when the encryption takes place the enabled FileVault user. If no user is logged in, the next user to log in becomes the enabled FileVault user.

   Note: If you make the management account the enabled FileVault user on computers with
   OS X v10.11, you will be able to issue a new recovery key to those computers later if necessary. (For more information, see Issuing a New FileVault Recovery Key.)

10. Click Save.