FileVault 2

License: Gold

FileVault 2 provides the ability to perform full XTS-AES 128 disk encryption on the contents of a volume.

When you Enable FileVault 2, the following settings are available for configuration:

Category	Settings
FileVault User Settings	Enable FileVault at SetupAssist Default: False If true, and the payload is installed after enrolling with Ivanti Neurons for MDM in Setup Assistant, it requests the Setup Assistant to enable FileVault at setup time. Also, the system ignores all other keys in this payload, except for ShowRecoveryKey. Prerequisite:- Before you enable the file vault in the setup assistant, ensure that the Await Device Configuration during Device Enrollment Setup is enabled in the Device Enrollment Profile. Defer enabling FileVault until the designated user logs out Always prompt user to enable FileVault Maximum number of times a user can bypass enabling FileVault Do not request enabling FileVault at user logout time
Output Path	Enter the path to the location where the recovery key and computer information plist will be stored.
Personal Recovery Key	Create a personal recovery key Display the personal recovery key to the user after FileVault is enabled This option is visible only when Create a personal recovery key is enabled. By default the option is disabled. Enable Institutional Recovery Key: Using Keychain - if no certificate information is provided in this payload the keychain already created at /Library/Keychains/FileVaultMaster.keychain will be used. Select one of the following options: Upload Certificate Certificate Use keychain on the Users System