Dealing with a weird compliance headache today. A bunch of my Macs are suddenly showing up as non-compliant in the portal with the error: “FileVault disk encryption required.”
The catch? I intentionally turned Filevault off on these machines, and I haven’t even touched the FileVault policy settings in Hexnode to require encryption. Has anyone else dealt with this compliance flag? How do I get these devices back to a compliant state without actually turning filevault on?
15 Views
Yeah, I ran into this a while back. To clear the flag, you just need to give Hexnode explicit instructions that Filevault is intentionally disabled.
To do this, create a new macOS FileVault policy and check the box for “Prevent FileVault from being enabled” and you also need to check “Escrow Personal recovery key” in that same policy. Pairing the restriction with the escrow setting is a great workaround that forces the compliance engine to sync up and properly recognize that the unencrypted state is exactly what you want.
We also use the exact same setup for our unencrypted machines.
One thing to keep in mind though: make sure you actually restart the Mac after pushing the policy. macOS can be a bit stubborn with FileVault settings and usually won’t register the change until a reboot. I’d say push it to a test device first, give it a restart, and then check the Action history in the portal to confirm it stuck. The compliance error usually clears right after that.
Don't have an account? Sign up
