Hi everyone, quick question—do we need to disable FileVault before installing Hexnode on macOS devices? Also, can Hexnode enable FileVault automatically, or do we have to do it manually?
FileVault and Hexnode: Installation and Automation Questions [Solved]
Replies (3)
While it’s not strictly mandatory to disable FileVault before installing Hexnode, it’s highly recommended. Here’s why: if FileVault is already enabled, Hexnode might not be able to fetch and escrow the Personal Recovery Key (PRK) automatically.
If your devices already have FileVault turned on, you’d need to manually run this command on each device to force the PRK to be sent to the portal:
sudo fdesetup changerecovery -personal
As for enabling FileVault automatically, yes, Hexnode can handle that using either of these methods:
- Enrollment Profile: Add a FileVault policy directly to your enrollment profile so encryption starts automatically during initial setup.
- Post-Enrollment Policy: Push the policy to devices that are already enrolled.
Also, keep in mind that even if the policy is automated, macOS requires the user to restart the device (or log out and back in) for encryption to actually begin. So, some level of user interaction is unavoidable.
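A pre-enrollment check for the situation described in the answer above, as an added example that is not part of the original reply or Hexnode's own tooling: it reads `fdesetup status` and reports whether a Mac can simply receive the FileVault policy or needs the `changerecovery` step. The function name `fv_action`, the action labels and the status strings it matches are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a Mac's FileVault state before Hexnode enrollment.
# Assumption: `fdesetup status` prints "FileVault is On." or "FileVault is Off.",
# plus a line containing "in progress" while a conversion is still running.

# fv_action STATUS_TEXT -> prints one of:
#   apply-policy  FileVault is off: the FileVault policy can enable it
#   wait          encryption/decryption still running: check again later
#   rotate-key    FileVault already on: run
#                 `sudo fdesetup changerecovery -personal` so a fresh
#                 Personal Recovery Key is generated and can be escrowed
#   unknown       output not recognised: inspect the device by hand
fv_action() {
    status_text=$1
    case $status_text in
        # Checked first: a running conversion also reports "FileVault is On/Off."
        *"in progress"*)       echo wait ;;
        *"FileVault is On"*)   echo rotate-key ;;
        *"FileVault is Off"*)  echo apply-policy ;;
        *)                     echo unknown ;;
    esac
}

if command -v fdesetup >/dev/null 2>&1; then
    # On a Mac: report the live state of this device.
    printf '%s: %s\n' "$(hostname)" "$(fv_action "$(fdesetup status 2>&1)")"
else
    # Elsewhere: constructed sample outputs, not captured from a real device.
    sample_on='FileVault is On.'
    sample_off='FileVault is Off.'
    sample_busy='FileVault is On.
Encryption in progress: Percent completed = 40'
    for sample in "$sample_on" "$sample_off" "$sample_busy"; do
        printf '%s\n  -> %s\n' "$sample" "$(fv_action "$sample")"
    done
fi
```

The script only reports; the `changerecovery` command itself still has to be run on the device, since it asks for an authorised user's credentials.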
Ah, that makes sense. So if I’m setting up brand-new Macs, it’s best to include the FileVault policy in the enrollment profile. That way users don’t have to do anything manually.
Exactly what I needed. Good to know there’s a fallback if FileVault is already on.