This tutorial applies to the following operating system:
macOS
Overview
This article covers how to setup whole disk encryption on a Mac computer.
If your computer stores or processes high risk data (see Standards: Data Classifications), encrypting your hard drive is a necessary step to ensure the security of any data in case of loss or theft of your device. High risk data should only be stored on approved ITS servers under UI policies and standards; however, to protect any incidental data that may accidentally reside on your local system, WDE is an essential security measure. For more information, see Whole Disk Encryption FAQ. Contact your TSP or Local Support if you are unsure if your devices require encryption.
This article assumes ITS has completed the backend tasks necessary to allow encryption on your device. Contact your TSP or Local Support if encryption is needed but FileVault Disk Encryption isn't showing up in Jamf Self Service.
Important! You will need local admin rights on the computer to complete these steps successfully. Contact your TSP or Local Support if you have any questions or do not have local admin rights.
Process
Step 1
Open Jamf Self Service. Navigate to Security, find FileVault Disk Encryption, and click "Enable".
Step 2
FileVault begins to install. Once installation completes you will need to reboot the Mac. Jamf does not prompt to reboot and you can reboot at your leisure.
Step 3
When you login after the next reboot, you should receive a pop-up asking you to enable FileVault. Click "Enable Now".
Step 4
macOS then encrypts your computer. Click OK when finished. The password you use to login to your account is also the password used to unlock encryption, no separate password needed.
