Ntiva Security Standards - FileVault - Enable
Security and Privacy
Use FileVault to encrypt the startup disk on your Mac. FileVault full-disk encryption helps prevent unauthorized access to the information on your startup disk.
- Enable FileVault
- Defer Enablement to Logout or Login
- Create Personal Recovery Key (PRK)
- Escrow PRK to Addigy
- FileVault prompts will only be presented to users if they have a SecureToken. This prevents a user from locking themselves out of their Mac when enabling FileVault.
- If a user ignores the prompt to enable FileVault (or accidentally clicks Cancel), they may need to be reminded to Log Out or Restart to trigger the prompt again. You can use Vision-Bot to track the FileVault encryption status of your fleet.
- Once activated, FileVault can only be disabled by the Ntiva management tool.
- If a user activates FileVault before the management system does, a new recovery key must be created and escrowed. You can use Vision-Bot's Device Report to track the FileVault Key Escrowed status of your fleet.
- At a minimum, we recommend all Mac notebooks released since 2018 and running macOS 10.15 or newer be encrypted. You can track the FileVault status of your Macs in Vision-Bot. Please ask us about additions and exceptions to this recommendation across your fleet.
Ntiva FileVault Documentation (Internal Only)