How do I setup disk encryption on a Mac?

This tutorial applies to the following operating system:

macOS

Overview

This article covers how to setup whole disk encryption on a Mac computer.

If your computer stores or processes high risk data (see Standards: Data Classifications), encrypting your hard drive is a necessary step to ensure the security of any data in case of loss or theft of your device. High risk data should only be stored on approved ITS servers under UI policies and standards; however, to protect any incidental data that may accidentally reside on your local system, WDE is an essential security measure. For more information, see Whole Disk Encryption FAQ. Contact your TSP or Local Support if you are unsure if your devices require encryption.

This article assumes ITS has completed the backend tasks necessary to allow encryption on your device. Contact your TSP or Local Support if encryption is needed but FileVault Disk Encryption isn't showing up in Jamf Self Service.

Important! You will need local admin rights on the computer to complete these steps successfully. Contact your TSP or Local Support if you have any questions or do not have local admin rights.

Process

Step 1

Open Jamf Self Service. Navigate to Security, find FileVault Disk Encryption, and click "Enable".

Jamf self service security

Step 2

FileVault begins to install. Once installation completes you will need to reboot the Mac. Jamf does not prompt to reboot and you can reboot at your leisure.

Jamf install in progress

Step 3

When you login after the next reboot, you should receive a pop-up asking you to enable FileVault. Click "Enable Now".

Prompt to enable encryption after next login

Step 4

macOS then encrypts your computer. Click OK when finished. The password you use to login to your account is also the password used to unlock encryption, no separate password needed.

Encryption in progress at login

Details

Article ID: 1930
Created
Fri 6/25/21 8:19 AM
Modified
Fri 8/13/21 11:20 AM

Related Articles (2)

Information to help you identify different classifications of data, which may require different technical controls.
Answers to frequently asked questions about Whole Disk Encryption.