- Required for a user to be FileVault-capable.
- Bootstrap Token – When a SecureToken user is created or signs in, an additional token that gets escrowed to MDM.
- Volume Ownership – Specific to computers with Apple Silicon. Allows users to access the owner identity key that’s stored in the secure enclave. Required for functions like software updates, managing legacy external extensions.

The Apple Platform Deployment Guide includes specific scenarios for reference so that you can choose what works for your organization.

- True zero-touch deployment is the most straightforward path for FileVault enablement.
- If your IT admin sets up a new computer, they are going to be the first one to get the token instead of the day-to-day user. In this case, you need to consider how your deployment affects the token status.
- There are also a couple of scenarios where if a Jamf policy runs before a user is created, that could cause an unintended user to get the first token.

The best practice is to assess what your goals and outcomes are for your deployment workflow, so that you figure out if you need to change or modify your enablement method with an understanding of who gets the token when you’re managing FileVault. It is easier to establish these practices on the front end of a deployment rather than going back and trying to fix it later.

There are three main enablement methods you can choose for managing FileVault. You may use more than one, but any given computer should be targeted with just one method.

- Configuration Profile – Straightforward, applies universally to targets.
- Jamf Pro Policy – Allows customized user experience and messaging.
- Jamf Connect Login – Use this just for new machines that are deployed.

Enablement methods can be personal preference. Whether you use a configuration profile or set up a policy, the most important choice is making sure that the way you’ve chosen to enable it is also allowing you admin access to cryptographic privileges.

Knowing whether you were successful in enabling FileVault, or knowing who to target to make a device enabled, is critical both for compliance and reporting, as well as remediation purposes.

Looking at individual computer records can show a wealth of inventory data, including:

- Viewing of Recovery Key (with certain levels of access).
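To make the token and reporting points above checkable on a single device, here is an added example (not from the original post and not Jamf's own code) that classifies a Mac from the output of `fdesetup status`, `sysadminctl -secureTokenStatus` and `profiles status -type bootstraptoken`. The function name, the state labels and the exact output wording it matches are assumptions.

```shell
#!/bin/sh
# Added example: report which FileVault/token state a Mac is in.
# The matched phrases are assumed to be the usual wording of each command's output.

# token_state FV_OUT ST_OUT BT_OUT -> prints one state label (labels are hypothetical)
token_state() {
    fv_out=$1; st_out=$2; bt_out=$3
    fv=off; st=no; bt=no
    case $fv_out in *"FileVault is On"*) fv=on ;; esac
    case $st_out in *"Secure token is ENABLED"*) st=yes ;; esac
    case $bt_out in *"escrowed to server: YES"*) bt=yes ;; esac

    if [ "$st" = no ]; then
        # The day-to-day user is not FileVault-capable, for example because
        # an IT admin or policy-created account received the first token.
        echo "user-missing-securetoken"
    elif [ "$bt" = no ]; then
        # MDM holds no Bootstrap Token for this device.
        echo "bootstrap-not-escrowed"
    elif [ "$fv" = off ]; then
        # Tokens are in order; the device is a target for enablement.
        echo "ready-not-encrypted"
    else
        echo "compliant"
    fi
}

# On a managed Mac, run as root with the day-to-day user's short name as $1.
# sysadminctl writes its status line to stderr, hence 2>&1.
if [ "$(uname)" = "Darwin" ] && [ -n "${1:-}" ]; then
    token_state "$(fdesetup status)" \
        "$(sysadminctl -secureTokenStatus "$1" 2>&1)" \
        "$(profiles status -type bootstraptoken 2>&1)"
fi
```

The first failing check wins, so a device that is encrypted but whose day-to-day user lacks a token is reported as a token problem rather than as compliant.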