Hi everyone,
We recently started rolling out MacBooks to employees working remotely, and management wants to make sure company data stays protected in case a device gets lost or stolen.
We’re looking into enabling FileVault through Hexnode instead of asking users to do it manually. Has anyone implemented this in their environment, and what are the advantages of using this?
14 Views
Yes, we started enforcing FileVault through Hexnode for all corporate Macs last year. It helped us standardize encryption across devices without depending on users to enable it themselves.
The biggest advantage for us was recovery key management. We escrow the keys to Hexnode, so if someone forgets their password, IT can still help recover the device.
Hi @jimena,
Hexnode allows you to centrally configure and enforce FileVault encryption on macOS devices. FileVault helps protect the data on the Mac by encrypting the startup disk, which is especially useful for remote employees and corporate-owned devices. You can configure this on your Hexnode UEM portal from: Policies > New Policy > macOS > Security > FileVault.
Once configured, you can remotely enable FileVault on managed Macs, prevent users from disabling encryption, configure recovery keys, and securely escrow those recovery keys to the Hexnode portal. You can also decide how many times users are allowed to postpone enabling FileVault.
After the policy is associated with devices, users will receive prompts to enable FileVault on their Macs. Many organizations prefer using both Personal and Institutional Recovery Keys, so IT admins still have a fallback recovery option if needed.
Check out the help documentation on FileVault for more information.
Regards,
Sienna Carter
Hexnode UEM
One thing to note, we initially had a few devices where FileVault was not enabling properly because the user account did not have a Secure Token. After fixing that, the policy worked fine.
Don't have an account? Sign up
