Enabling FileVault on a Mac computer encrypts the startup disk using XTS-AES encryption, making it secure from unauthorized access.
Only authorized users can access the startup disk with a password or recovery key, preventing data breaches from lost, stolen, or hacked computers.
FileVault is available on all Mac computers with macOS 10.3 or later and can be enabled through the Security & Privacy preferences pane in System Preferences.
When enabled, FileVault encrypts the startup disk in the background, and a recovery key is prompted to unlock the encryption if necessary.
You can create a policy to enable FileVault for a sub-group of devices in the team. Go to Policy management > Create a new policy.
Configure the policy name and description and click Continue
Manage the settings for the selected policy and click Continue
Choose the devices and device groups on which the policy will be installed, and click Continue
Review the settings and click back to edit. If everything is fine, click Finish to upload the FileVault policy to the selected devices.
On the device end, once the FileVault policy is set, Swif will try to retrieve the recovery key in case you need to extract the disk files from the encrypted disk. You can find the recovery key at Device Details > Security > Recovery key.
In some cases, Swif was installed after the encryption was enabled. We won't be able to retrieve the recovery key. We will ask the device owner to give us access to regenerate the recovery key.
If you have any questions about the importance of the FileVault recovery key, you can read it here.