Explainedback-iconApple Device Managementback-iconWhat is FileVault on macOS?

What is FileVault on macOS?

What do you do when you have a valuable possession? I personally keep my priceless goods in a safe vault and lock them up with a key. FileVault disk encryption by macOS follows the same concept, but instead of a physical vault, they are stored in a FileVault.

Having a strong encryption method like FileVault can help safeguard sensitive corporate files and ensure information security.

FileVault 2 is a whole-disk encryption tool for mac, that encrypts data to prevent unauthorized access from anyone who doesn’t have the decryption key or the user’s account credentials. It also allows you to utilize ‘Find My Mac’ to wipe your drive remotely in a matter of seconds.

Data is protected from prying eyes when FileVault’s whole-disk encryption is enabled, and all efforts to access it (physically or over the network) will be met with requests to authenticate or error messages declaring that the data cannot be read.

Decryption of device can be done using either of institutional recovery key or personal recovery key. The personal recovery key is a one-time key obtained during the encryption process. If you fail to keep it safely, you won’t be able to decrypt the device. So, if you’re dealing with a work device, our suggestion would be to use an institutional recovery key for encryption.

Hexnode comes with a FileVault policy that can be used to enable FileVault on work deployed devices. With Hexnode, if you’re using institutional recovery key, even if you lose it, you’ll be able to generate a new key and if you’re using personal recovery key, you can escrow the recovery key in to Hexnode so that you can retrieve your encrypted data at any time.