Heyy folks!! I have a question about FileVault. Some of our macOS devices have FileVault enabled by default, and we want to apply a Hexnode policy for FileVault. The issue is that it’s not letting us apply the policy because FileVault is already enabled. Is there a way to mass disable this from MDM?
15 Views
Replies (5)
Marked SolutionPending Review
Participant
1 day ago
Feb 03, 2026
Marked SolutionPending Review
I’ve run into that too. Once FileVault is enabled manually or by default, it kind of locks things down. I don’t think there’s a straightforward way to bulk disable it from MDM.
Marked SolutionPending Review
Participant
1 day ago
Feb 03, 2026
Marked SolutionPending Review
Yeah, same here. We had a batch of Macs with FileVault turned on before enrollment. It caused conflicts when trying to push the FileVault policy from Hexnode. We ended up handling them one by one, which was a pain.
Marked SolutionPending Review
Hexnode Expert
1 day ago
Feb 03, 2026
Marked SolutionPending Review
Thanks for your valuable input everyone.Let me clarify from our side.
Please note that FileVault cannot be disabled from MDM in bulk. If FileVault is already enabled on a device, the Hexnode policy for FileVault cannot override or disable it remotely. You would need to manually disable FileVault on those devices before applying the Hexnode FileVault policy.
Once FileVault is disabled manually, you can then push the Hexnode policy to enforce encryption settings consistently across your managed devices.
Regards,
Mary Romero
Marked SolutionPending Review
Participant
1 day ago
Feb 03, 2026
Marked SolutionPending Review
I was hoping there’d be a magic “disable all” button, but I guess Apple keeps that pretty locked down for security reasons.
Marked SolutionPending Review
Participant
23 hours ago
Feb 03, 2026
Marked SolutionPending Review
Exactly. Apple doesn’t want MDMs to just turn off encryption everywhere. Makes sense from a security standpoint, but yeah, it’s inconvenient when you’re trying to standardize policies.
Save
